I am trying to send multiple server certificate for authentification with browser.
Generating multiple selfsigned certificates;
self signed cert1
self signed cert2
and appending to file like this;
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
On Mozilla browser, if I click on site information, then I can see two cert, but it always
verify with topmost first certificate only.
Is there a way to verify all generated self signed certificate by browser?
Related
I received the following three sections from RapidSSL
Web Server CERTIFICATE
-----------------
-----BEGIN CERTIFICATE-----
BLABLABLA 1
-----END CERTIFICATE-----
INTERMEDIATE CA:
---------------------------------------
-----BEGIN CERTIFICATE-----
BLABLABLA 2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
BLABLABLA 3
-----END CERTIFICATE-----
how i can create the 3 files for configure apache like:
SSLCertificateFile /etc/httpd/conf/ssl.crt/your_leaf_certificate.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/your_domain_name.key
SSLCACertificatePath /etc/httpd/conf/ssl.chain/your_intermediate_chain.crt
im expecting to find this
-----BEGIN RSA PRIVATE KEY-----
but can't find it :(
The problem that you have is that you will have to download from CertCentral the certificate bundle. You will have to login into digicert.com, and get your certificates. Click Certificates > Click orders > select order > download cert.
After you download the certificate, you can use this tool called Utility Tool For Windows Tool
After that, you can import your cert into that tool, and you will be able to export it to be able to get a pem file with your key as an individual file.
If you purchased this certificate through a third-party vendor, I will recommend you to get a new CSR and send it to them to make sure they can reissue your certificate.
I'm trying to install Comodo Essential SSL via Vestacp here's that I did. I opened www_example_com.crt and copied the digest and pasted it into SSL Certificate box then opened www_example_com.key used to generate the ssl at the beginning which starts with -----BEGIN PRIVATE KEY----- and pasted the digest into SSL Key box then copied the digest of the other 3 files in this order into one file and copied the whole digest and pasted it into SSL Certificate Authority / Intermediate box but I get SSL intermediate chain is not valid
AddTrustExternalCARoot.crt
USERTrustRSAAddTrustCA.crt
SectigoRSADomainValidationSecureServerCA.crt
Final digest looks like this
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
I checked the certificate and the key and have no issue using https://www.sslshopper.com/certificate-key-matcher.html
I restored a back up so the key file doesn't exist on the server now does it matter? It's the first time I try to install SSL so please assist. Thanks in advance.
The Authority digest must be the content of these files in this order
SectigoRSADomainValidationSecureServerCA.crt
AddTrustExternalCARoot.crt
USERTrustRSAAddTrustCA.crt
I have an API server using a non-self signed certificate issued by a respected CA. When I connect to this server I get the following error:
x509: certificate signed by unknown authority
I connect using a golang client using the net/http library. The certificate is properly configured as I do not get an error complaining about it.
I did not expect this error because I am using a CA. I am not getting the error when using a web browser.
The problem was that I did not pass the intermediate CA certificate to the http server. The method http.ListenAndServeTLS requires the intermediate CA certificate in the same certificate file.
The fix was easy, just add the intermediate certificate of your CA in your certificate file:
-----BEGIN CERTIFICATE-----
<YOUR OWN CERTIFICATE>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<INTERMEDIATE CA CERTIFICATE>
-----END CERTIFICATE-----
I've installed a SSL certificate on my Website, but the intermediate.crt isn't working.
Any SSL Checker (e.g. GeoTrust Checker) told me, that an intermediate key is missing.
On the website a SSL certificate was already in use, only the switch from SHA1 to SHA2 is new.
I use this structure:
-----BEGIN CERTIFICATE-----
(Secondary Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Primary Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root certificate)
-----END CERTIFICATE-----
Who has an idea to solve this problem?
I solve it.
It was the wrong reference to the intermediate
We have a password-protected pfx file, expiring in a few days, which we use to sign our exes.
We have renewed our SSL certificate from Symantec, but all we have received is a bunch of data:
Below is your Code Signing certificate:
-----BEGIN CERTIFICATE-----
base-64 encoded data
-----END CERTIFICATE-----
Below is the intermediate CA certificate:
-----BEGIN CERTIFICATE-----
base-64 encoded data
-----END CERTIFICATE-----
Below is your certificate in pkcs7 format:
-----BEGIN CERTIFICATE-----
base-64 encoded data
-----END CERTIFICATE-----
I have seen a few tutorials to create pfx files from .cer and .key files, but the fun part is, Symantec doesn't use the same terminology as the rest of the world. So I don't know which is which. And no single tutorial explains what should be in the files, so I can't go from there either. So, I don't know how to create the .key file, for instance.
Thanks!
It turns out that the main requirement is to install the certificate on a browser, from the computer that has made the request for a new certificate.
Then, most browsers (IE, FF, Chrome) can export it to PFX from the installed certificates list.
More info can be found here:
http://blog.ksoftware.net/2011/07/exporting-your-code-signing-certificate-to-a-pfx-file/
http://blog.ksoftware.net/2011/07/exporting-your-code-signing-certificate-to-a-pfx-file-from-firefox/
https://knowledge.verisign.com.sg/support/code-signing-support/index?page=content&id=AR190&actp=search&viewlocale=en_US&searchid=1360582675798