im trying to configure SSL on HAproxy in Ubuntu 20.04. I have Windows machine as CA, now I have a problem with making a certificate file. I've searched internet but saw many solutions in creating PEM file. enter image description here
Here's a pic where I can download a certifciate and certificate chain. Which one do I need to create a PEM file for SSL on haproxy.
Related
I have Create SSL certificate using "Let's Encrypt" in Ubantu 18.10 .i follow below documentation to create SSL certificate.
https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates/
I have check SSL certificate was successfully created I have used below command to test it.
openssl verify chain.pem
openssl verify -CAfile chain.pem cert.pem
But Site not working getting 525 error.In cloudflare ""Universal SSL is Active "
Anyone please suggest possible solution to fix this Issue?
Thanks
I found solution. there is issue with apache config file.I have change port "443"
in apache config file and its working fine.
Thanks
hi i have installed lamp stack in compute engine and now bought a ssl from comodo how do i generate a csr from compute engine? and how to install SSL for my VM instance
The only items that matters are what is the OS and web server that is running in your VM. I will assume Apache Linux. You will need shell access to your VM. I am assuming SSH access.
The CSR is the certificate signing request. This is a type of document that details what will be in your SSL certificate issued by Comodo, such as your name, location, etc. You can generate the CSR on any computer. I use OpenSSL to generate a CSR. Comodo documentation on how to generate a CSR:
CSR Generation: Using OpenSSL (Apache w/mod_ssl, NGINX, OS X)
Next you need to upload the CSR to Comodo. They will generate your certificate:
Generate and Submit a CSR
Comodo will generate your certificate. Depending on the type of certificate that your purchase, this will take one or two days. Don't forget the validation method that they require. In the document link this is DV (Domain Validation) which means you create a special record in your DNS server for your domain.
Next you will install your certificate. This is web server specific. Here is a link for Apache:
SSL Certificate Installation in Apache
I'm trying to enable SSL on SOLR with a SAN cert - I ran the keytool.exe to generate the .jks file from the cert file. That process went fine. I copied the .jks file over to the /etc directory, and then I enabled SSL in solr.in.cmd file. Then when I try to access the site, it tell me: "The client and server don't support a common SSL protocol version or cipher suite." Is the issue with the cert, or issue with the way I generated the .jks file? Any help with this would be appreciated.
MORE INFO:
I learned that .cer files only contain the public key, and the private key is on the machine that generated the CSR. However, in this case, the machine that the cert is installed on is probably not the machine that the CSR was generated in. So, given this situation, how do I generate the keystore file to be used in SOLR?
I have installed SSL Certificate manually that I had brought from Godadday. It installed successfully but it shows self signed certificate which is not trusted or displays cross on https.
What is the solution ?
It is showing because it does not recognized the certificate that you get from Godaddy.
The CSR certificate has to upload on your site and make changes on apache config file.
Make sure your CSR file should not match with the private key that you submitted to verify your site.
Installing a SSL certificate requires some server administration knowhow, especially updating web server configuration.
DigitalOcean has a great tutorial on how to install a SSL certificate from GoDaddy: https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority#example-ca-2-godaddy
Maybe it helps.
To check if you installed it correctly, you can use Qualys SSL Server Test at https://www.ssllabs.com/ssltest/index.html
i've created a self signed CA with DSA using OpenSSL and created a .der file using x509 of openSSL.
I can create user certificate requests, verify them and create user certificates. can create signature and verify them also.
but what to do with the .der file? i can do all the above things with .cert or .pem files. .der supposed to be shown side to the browser address bar. how to install that?
i'm using PHP and Apache.
I think you should read that :
DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them
i got it. i need to install the .der in my server using config files of apache-openssl.
i've tried that with xampp. initially it worked for the 1st time. i installed the cert files in the browsers. and got the public shown for the page from the address bar.
later when i restarted apache, the whole xampp was crashed and i'was unable to start apache. i needed to re-install xampp and then i'm able to start apache again.