I am trying to install the SSL certificate on the IIS, I am following the exact step mentioned here https://pk.godaddy.com/help/manually-install-an-ssl-certificate-on-my-iis-10-server-27349.
Steps I did:
I purchased the SSL certificate from Go Daddy
I configured that on Go Daddy by giving the domain name
Submit the changes for getting the certificate
After verification downloaded the certificate
Created .Cer file from the .crt file
Imported the gd-g2_iis_intermediates.p7b in MMC under the intermediate certificate authority
Create a request in IIS and import .Cer file
After refreshing that window, the certificate doesn't appear
Am I doing something wrong in this?
So the thing is I was facing an issue because I couldn't able to produce the .pfx file from my machine using MMC, but DigiCert tool helped me to create the .pfx file from the .crt file I got from the Go Daddy. Instructions to create the file are on this link
https://www.digicert.com/kb/util/pfx-certificate-management-utility-import-export-instructions.htm
Later I went to the MMC and to the intermediate certificate authority and I imported the .pfx file along with the password and the certificate got exported to the system and to the IIS and now it's visible in the IIS.
Related
Our exchange and many web servers SSl certs are going to expire.I have bought the renewal cert from godaddy.I got the .crt ,.pem and .p7b files but how do i change it to the .pfx?
I tried to export the old ssl cert from one of the iis server.It says a private key is combined with it.How to create a new .pfx file from a old .pfx?
After downloading the P7B (or CER) , double-click on the certificate file and the Windows certmgr application will open.
You can find the install certificate option, Select that
Install the certificate in your local machine
After completing all the installation step you can see the certificate in your certificate manager right click on it and export
Select export with a private key
Select pfx format to export
I have a VPS with Apache2.
I have installed SSL before in my websites, but always form freeSSL or ZeroSSL, they give me 3 files:
Private.key
ca_bundle.crt
certificate.crt
I replace them for the old ones and all is peachy (I configured it once and just replace the files on reactivation).
Now I have issued a year long SSL service from Comodo SSL, and they send me a mail with this information:
"Thank you for placing your order. We are pleased to announce that your PositiveSSL Certificate for * has been issued.
Attached to this email you should find a .zip file containing:
Root CA Certificate - AAACertificateServices.crt
Intermediate CA Certificate - USERTrustRSAAAACA.crt
Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt
Your PositiveSSL Certificate - ***.crt
You can also find your PositiveSSL Certificate for ** in text format at the bottom of this email."
And I really have no Idea what to do... I tried Google but can't find any guide, they talk about CSR or other things and I just want to install this and forget about it for a year like I did before for 90 days...
Please help me, I need to have SSL running for my Magento 2 installation to work.
To use a certificate you need the certificate file itself (.crt) AND the key file (.key) ( Extensions may vary but, as you know, on linux it doesn't matter): if you're missing one of these, you're pretty much screwed.
To get a certificate, the following steps are necessary:
a key file needs to be generated
from the key file a CSR is generated
the CSR is signed by a CA (for you it's Comodo) and the result is the certificate file
The key file and the csr can be generate by you (who are requesting the new certificate) or (in this case) by Comodo during the procedure you followed. According to what you wrote, probably, during the procedure you've been asked to provide a key or let them generate one and you picked the 2nd option.
I've never used Comodo so I don't know how their interface works but IMHO you have 2 options: login with your account and look for an area where you can download the certificate and check for the possibility to download the key too OR contact them and ask for support to download the key file.
There is no way to use the certificate file without a key file.
I generated the certificate using an option of my webhosting service (Hostinger) to buy a comodo SSL certificate, as I said the email of Comodo didn't give me the key file BUT, after some hours the comodo ssl service started showing on my webhosting control center and going through some menus I reached a button called "download SSL", that downloaded a ZIP with the same files PLUS the key file. This was very random and nowhere stated, and I found it by coincidence but is solved. Thanks. The other option was to reach Comodo or Hostinger for help.
I have a working local website which I enabled via IIS Manager on Windows 10 Home. Now I want to serve my website via HTTPS instead of HTTP. I have created and added self-signed SSL cert using OpenSSL and MMC (following this blog). However, when I tried to add the HTTPS binding to my website using the IIS Manager, there is NO cert displayed for me to add for the binding. See screen shot. Can someone suggest what I might be missing? How do I bind the key/cert to my local website under Windows 10?
It looks like you forgot to import .pfx file to your IIS server certificate.
Please go to IIS manager->server side->server certificates.
Then click import.. button to upload your certificate.
After uploading the certificate, you should be able to select your certificate in IIS binding.
OK, so it turns out the self-signed cert in the procedure is in the .cer/.pem format, whereas Windows IIS expects a .pfx. The confusion part is the fact the tutorial also demonstrates using Windows MMC and IIS, and that MMC "accepts" the .cer when I did the certificate import.
Bottomline: I need to package my .key and .cer files into a .pfx file using the following command before importing the cert into my Personal store:
openssl pkcs12 -export -out my.pfx -inkey my.key -in my.crt
During cert import using MMC, I did need to change the file extension using the dropdown list. Now this cert would show up when I add the website binding via IIS Manager.
I have simple app runing on jboss server. I have following certificates:
Self Signed Root CA, intermediate CA 1 (signed by root), intermediate CA 2 (signed by root), .pfx certificate for my webpage. I had created a keystore with my .pfx certificate and added it to correct folder in jboss and modified http connection in server.xml file. Anyway when i acccess webpage i see warning triangle that CA is unknown. My question is how shoudl i configure jboss to make warning disappear? Soudl i add it to the trustore? or only way is to add it to Windows/web browser root store?
The browser's warning page appears because the self-signed certificate is not locally trusted. There is nothing that can be done on the server end to hide this warning.
You must put the certificate in the browser's trust store, or get a certificate from a certificate authority that is already trusted.
After changing ssl certificate authority from Thawte to DigiCert.
SSL certificate installation issue.
After installing new DigiCert ssl certificate in our server. It is still referring to old Thawte ssl certificate even though we removed old certificate from the server.
Looks like you have another vhost file using the old certificate , please remove that from your . Also make sure you properly restart apache after adding the new certificate .
To check your installation you can use the tool below
Thawte certificate checker
To see what certificate you are using, you can use the following tool Tool
This tool will allow you to check what certificate is installed on your server. Then, you can use the utility tool utility tool
You will be able to see all of the certs from your local machine or server. If you don't see the certificate there, you can import your certificate with that tool. If the utility tool mentions that your private key doesn't match, you will have to recreate the CSR with the utility tool and you will have to reissue your cert. If you reissue your cert, you will not invalidate the original request.