I issue SSL certificates via API request and then end of the request I am getting certificate chain in string format(Not Pem file). So I need to get attribute values from the chain and for that reason I need to split that chain. I already have methods for the getting values, only thing that I need to get that chains separately.
I am getting four different certificate chain in String like below;
-----BEGIN CERTIFICATE------
asdm1239asdkqkweqwejamdasdma
asdm1239asdkqkweqwejamdasdma
asdm1239asdkqkweqwejamdasdma
-----END CERTIFICATE--------
-----BEGIN CERTIFICATE------
asdm1239asdkqkweqwejamdasdma
asdm1239asdkqkweqwejamdasdma
asdm1239asdkqkweqwejamdasdma
-----END CERTIFICATE--------
-----BEGIN CERTIFICATE------
asdm1239asdkqkweqwejamdasdma
asdm1239asdkqkweqwejamdasdma
asdm1239asdkqkweqwejamdasdma
-----END CERTIFICATE--------
-----BEGIN CERTIFICATE------
asdm1239asdkqkweqwejamdasdma
asdm1239asdkqkweqwejamdasdma
asdm1239asdkqkweqwejamdasdma
-----END CERTIFICATE--------
So I need to get each chain between the -----BEGIN CERTIFICATE------ and -----END CERTIFICATE-----
then I already have method for the reading of the chain. (getIssuer, getSerialNumber etc.)
Do you have any short cut solution for that ?
Related
I have 4 certificate files like this:
1.certum_certificate.crt
2.certum_certificate.pem
3.Intermediate_CA2.cer
4.Intermediate_CA.cer
5.Root_CA.cer
I put these files content by this order in a bundle file and i figured out that my SSL chain is incomplete.
how should i arrange them in bundle file?
Just concatenate the three parts into a single file like this (fullchain.pem) :
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISA/UUyBjJ71fucZuvpiLsdfsfsdfsdfd
...
hoFWWJt3/SeBKn+ci03RRvZsdfdsfsdfw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinsdfsfsdfsdfdsfsdfsd
....
nLRbwHqsdqD7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBsdfSDFSDFVSDVzfsdffvqdsfgsT664ScbvsfGDGSDV
...
Dfvp7OOGAN6dEOM4+SDFSDZET+DFGDFQSD45Bddfghqsqf6Bsff
-----END CERTIFICATE-----
The order must be backwards. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it :
Original issuer —> Intermediate issuer 1 —> Final Root issuer which is a root certificate authority and can be trusted.
It's possible to have several intermediates : ...—> Intermediate issuer 1 —> Intermediate issuer 2 —>...
I have been supplied with a signed certificate in .pem format and wanted to know if there was a way to split it into 3 separate files for CA, Cert and Key? I need to ingest this into Vault using IAC and a series of scripts and the method/code we are using requires 3 separate files. Any help would be greatly appreciated.
The format of the key is as follows. I can establish that the first block is the private key but not sure how to establish the other blocks? is there a way using OpenSSL I can determine this?
-----BEGIN RSA PRIVATE KEY-----
----- END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Thanks.
I'm trying to install Comodo Essential SSL via Vestacp here's that I did. I opened www_example_com.crt and copied the digest and pasted it into SSL Certificate box then opened www_example_com.key used to generate the ssl at the beginning which starts with -----BEGIN PRIVATE KEY----- and pasted the digest into SSL Key box then copied the digest of the other 3 files in this order into one file and copied the whole digest and pasted it into SSL Certificate Authority / Intermediate box but I get SSL intermediate chain is not valid
AddTrustExternalCARoot.crt
USERTrustRSAAddTrustCA.crt
SectigoRSADomainValidationSecureServerCA.crt
Final digest looks like this
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
I checked the certificate and the key and have no issue using https://www.sslshopper.com/certificate-key-matcher.html
I restored a back up so the key file doesn't exist on the server now does it matter? It's the first time I try to install SSL so please assist. Thanks in advance.
The Authority digest must be the content of these files in this order
SectigoRSADomainValidationSecureServerCA.crt
AddTrustExternalCARoot.crt
USERTrustRSAAddTrustCA.crt
I want to have ssl certificate on my IIS server, so I get on my Mail letter from reg.ru with:
You certificate is presented below: (original language: Ваш сертификат предоставлен ниже)
-----BEGIN CERTIFICATE-----
[values]
-----END CERTIFICATE-----
Root certificate (original language: Корневой сертификат)
-----BEGIN CERTIFICATE-----
[values]
-----END CERTIFICATE-----
Intermediate certificate (original language: Промежуточный сертификат)
-----BEGIN CERTIFICATE-----
[values]
-----END CERTIFICATE-----
Request for a certificate (original language: Запрос на получение сертификата)
-----BEGIN CERTIFICATE REQUEST-----
[values]
-----END CERTIFICATE REQUEST-----
Save the private key on the local computer (original language:Сохраните приватный ключ на локальном компьютере.)
-----BEGIN RSA PRIVATE KEY-----
[values]
-----END RSA PRIVATE KEY-----
But my IIS requires .cer file, what have I to do to get .cer file?
Oh, I find a solution
go here
https://www.sslshopper.com/ssl-converter.html
create pfx file from first certificate, private key, Intermediate certificate and root sertificate
click import in iis server sertificates page and select this file.
(Maybe my problem because of service reg.ru)
I've installed a SSL certificate on my Website, but the intermediate.crt isn't working.
Any SSL Checker (e.g. GeoTrust Checker) told me, that an intermediate key is missing.
On the website a SSL certificate was already in use, only the switch from SHA1 to SHA2 is new.
I use this structure:
-----BEGIN CERTIFICATE-----
(Secondary Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Primary Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root certificate)
-----END CERTIFICATE-----
Who has an idea to solve this problem?
I solve it.
It was the wrong reference to the intermediate