How to deploy/install a CSR certificate in Apache? - ssl

So, I bought an SSL certificate from GoDaddy for one of my domains. It gave me one generated-csr.txt and generated-private-key.txt. I've been looking for a while on how to deploy a CSR certificate, but couldn't find any that is understandable. Even GoDaddy itself uses the .crt format in their tutorial.
Also they use SSLCertificateChainFile, which I don't know if I am supposed to chain my private key and CSR to get this or what?
URL: https://au.godaddy.com/help/manually-install-an-ssl-certificate-on-my-apache-server-centos-5238
Can someone explain, how do I deploy my certificate manually to apache2?

Related

Godaddy Wildcard Cert and Missing Private Key

A wildcard certificate from Godaddy was recently purchased by my organization. While walking through the steps on Godaddy's site to set up the cert, I typed in the domain name instead of uploading a CSR. Fast forward, this will be for Windows servers and I downloaded the certificate bundle. I see one PEM file and two CRT files. In short, the PEM file is really a certificate and not the private key. Since I did not upload a CSR and let Godaddy do this, how do I get the private key?

How do I install SSL? No Key or CA, Only CRT

I have a VPS with Apache2.
I have installed SSL before on my websites, but always from freeSSL or ZeroSSL; they give me 3 files:
Private.key
ca_bundle.crt
certificate.crt
I replace them for the old ones and all is peachy (I configured it once and just replace the files on reactivation).
Now I have issued a year long SSL service from Comodo SSL, and they send me a mail with this information:
"Thank you for placing your order. We are pleased to announce that your PositiveSSL Certificate for * has been issued.
Attached to this email you should find a .zip file containing:
Root CA Certificate - AAACertificateServices.crt
Intermediate CA Certificate - USERTrustRSAAAACA.crt
Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt
Your PositiveSSL Certificate - ***.crt
You can also find your PositiveSSL Certificate for ** in text format at the bottom of this email."
And I really have no idea what to do... I tried Google but can't find any guide; they talk about CSR or other things and I just want to install this and forget about it for a year like I did before for 90 days...
Please help me, I need to have SSL running for my Magento 2 installation to work.
To use a certificate you need the certificate file itself (.crt) AND the key file (.key) (extensions may vary but, as you know, on Linux it doesn't matter): if you're missing one of these, you're pretty much screwed.
To get a certificate, the following steps are necessary:
1. a key file needs to be generated
2. from the key file a CSR is generated
3. the CSR is signed by a CA (for you it's Comodo) and the result is the certificate file
The key file and the CSR can be generated by you (who are requesting the new certificate) or (in this case) by Comodo during the procedure you followed. According to what you wrote, probably, during the procedure you were asked to provide a key or let them generate one, and you picked the 2nd option.
I've never used Comodo so I don't know how their interface works but IMHO you have 2 options: login with your account and look for an area where you can download the certificate and check for the possibility to download the key too OR contact them and ask for support to download the key file.
There is no way to use the certificate file without a key file.
I generated the certificate using an option of my web hosting service (Hostinger) to buy a Comodo SSL certificate. As I said, the email from Comodo didn't give me the key file BUT, after some hours, the Comodo SSL service started showing in my web hosting control center, and going through some menus I reached a button called "download SSL", which downloaded a ZIP with the same files PLUS the key file. This was very random and nowhere stated, and I found it by coincidence, but it is solved. Thanks. The other option was to reach Comodo or Hostinger for help.

How do you use a Let's Encrypt certificate with the Alexa service?

I created a Let's Encrypt certificate using SSLforFREE. It works great in the browser, but generates an "unknown certificate" error when used with an Alexa skill. Manually uploading the certificate to the Alexa service works, but it will not work as a "trusted" certificate.
Has anyone successfully used one of these as a "trusted" certificate with Alexa?
Oh, here's what you can do:
1. Download the contents of your fullchain.pem cert, from /etc/letsencrypt/live/<domain>/fullchain.pem on your server
2. On your skill config page, select the "SSL" Tab.
3. Mark "I will upload a self-signed certificate in X.509 format."
4. Paste the contents of your fullchain.pem file.
It worked for me. Not sure if chain or cert would be enough.
Don't use sslforfree. Use Letsencrypt fullchain certificates directly.
Though certificates from https://www.sslforfree.com/ utilize the letsencrypt certificate chain, Amazon finds an issue while tracing to a trusted certificate authority.
This is another discussion on missing certificate chains.
The solution that will work is: use LetsEncrypt certificates directly with chained certificates to a trusted CA certificate.
For this, use certbot to generate the LetsEncrypt certificate on your server and follow the steps in #aldrinleal's answer.

How to Renew SSL Certificate on Amazon Web Services/Apache

I've had this problem for about a week now. My client asked me to renew the SSL certificate, which has already expired. I have followed a lot of tutorials already, but nothing has helped me.
I have these certificates provided:
Private Key
Intermediate Certificate
CSR
Public Certificate
The server is Amazon and uses Apache/HTTPD
I saved the private key as .key file and the rest is .crt
By the way, I setup the ssl.conf because that is where the Virtual Host is located.
I saved my certificates in, /etc/httpd/conf/ssl.cert/
I saved my keys in, /etc/httpd/conf/ssl.key/
and the location of my ssl.conf: /etc/httpd/conf.d/ssl.conf
My questions are:
What's the usual way on renewing SSL Certificates?
What's all I need to renew it?
Can I do it only on the FTP client or I need to go to my AWS page and set it up there?
I am really desperate to get out of this embarrassment. I hope someone would help me do it. Thanks in advance.
You need to create a CSR (certificate signing request) that contains the server's information. (There are many, many guides on how to do this using openssl.) You then purchase an SSL certificate from your certificate issuer of choice and provide them with the CSR. When your order is complete they will issue you an SSL certificate that you can download and install in Apache. If you go to the issuer of the original certificate they will likely have a renew process that will walk you through all of the steps.

Rapid SSL private key to set up HTTPS with my Apache server

I bought an SSL certificate to apply to my site, which is hosted on a Digitalocean VPS.
When I bought the SSL certificate, Rapid SSL emailed the keys.
In that mail they mentioned
public.crt and intermediate.crt, but they did not provide me any private.key.
But in their installation guide they wrote this:
SSLCertificateFile /usr/local/ssl/crt/public.crt
This will need to point to your SSL certificate itself that we issued to you
SSLCertificateKeyFile /usr/local/ssl/private/private.key
This will need to point to the private key file associated with your certificate.
SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
This will need to point to the intermediate file
Now how can I get this private.key file?
Thanks in advance...
You must have started with a private key of your own. The process goes like this:
1. You create a keypair.
2. You create a Certificate Signing Request (CSR) which wraps the public key.
3. You submit the CSR.
4. They sign it and send back the signed certificate and their own certificate chain.
You couldn't have got to first base without a private key.
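
The key, CSR, certificate sequence described in this answer and in the Comodo answer further up, as an added example that is not part of any of the posts: it builds the three files locally, tells them apart by PEM header, and checks whether a CSR or certificate belongs to a given private key. The function names, file names and example.test are assumptions, and a self-signature stands in for the CA's signing step.

```shell
#!/bin/sh
# Added example: names, paths and example.test are illustrative assumptions.

# Classify a PEM file by its header line; the file extension is irrelevant.
pem_kind() {
  case "$(grep -m1 -e '^-----BEGIN ' "$1")" in
    *"CERTIFICATE REQUEST-----") echo csr ;;
    *"CERTIFICATE-----")         echo certificate ;;
    *"PRIVATE KEY-----")         echo private-key ;;
    *)                           echo unknown ;;
  esac
}

# Print the public key (PEM) carried by a key, CSR or certificate.
pubkey_of() {
  case "$(pem_kind "$1")" in
    certificate) openssl x509 -in "$1" -noout -pubkey ;;
    csr)         openssl req  -in "$1" -noout -pubkey ;;
    private-key) openssl pkey -in "$1" -pubout ;;
    *)           return 1 ;;
  esac
}

# Succeed only if both files carry the same public key.
same_keypair() {
  a=$(pubkey_of "$1" 2>/dev/null) && b=$(pubkey_of "$2" 2>/dev/null) &&
    [ -n "$a" ] && [ "$a" = "$b" ]
}

work=$(mktemp -d)
# 1. Key pair: the private key never leaves the server.
openssl genrsa -out "$work/private.key" 2048 2>/dev/null
# 2. CSR wrapping the public key; this is what goes to the CA.
openssl req -new -key "$work/private.key" -subj "/CN=example.test" \
  -out "$work/request.csr"
# 3. Constructed stand-in for the CA: a self-signature instead of a CA signature.
openssl x509 -req -in "$work/request.csr" -signkey "$work/private.key" \
  -days 1 -out "$work/public.crt" 2>/dev/null
# An unrelated key, to show the mismatch case.
openssl genrsa -out "$work/other.key" 2048 2>/dev/null

for f in private.key request.csr public.crt; do
  echo "$f: $(pem_kind "$work/$f")"
done
same_keypair "$work/private.key" "$work/public.crt" && echo "private.key matches public.crt"
same_keypair "$work/other.key" "$work/public.crt" || echo "other.key does not match public.crt"
```

Run against real files, a failing `same_keypair` check on a key and a .crt means the two do not belong together, whatever the files are named.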