I newer to configure SSL setup
I have .crt file and
CA signed files
Root CA Certificate
Intermediate CA Certificate
Intermediate CA Certificate
Your PositiveSSL Certificate
How should I create .jks file from the above files.I checked alot but didn't work for me
Can anyone help me out
or
I need to configure tomcat with ssl is there any other way to configure without .jks file please let me know
Related
I am trying to install the SSL certificate on the IIS, I am following the exact step mentioned here https://pk.godaddy.com/help/manually-install-an-ssl-certificate-on-my-iis-10-server-27349.
Steps I did:
I purchased the SSL certificate from Go Daddy
I configured that on Go Daddy by giving the domain name
Submit the changes for getting the certificate
After verification downloaded the certificate
Created .Cer file from the .crt file
Imported the gd-g2_iis_intermediates.p7b in MMC under the intermediate certificate authority
Create a request in IIS and import .Cer file
After refreshing that window, the certificate doesn't appear
Am I doing something wrong in this?
So the thing is I was facing an issue because I couldn't able to produce the .pfx file from my machine using MMC, but DigiCert tool helped me to create the .pfx file from the .crt file I got from the Go Daddy. Instructions to create the file are on this link
https://www.digicert.com/kb/util/pfx-certificate-management-utility-import-export-instructions.htm
Later I went to the MMC and to the intermediate certificate authority and I imported the .pfx file along with the password and the certificate got exported to the system and to the IIS and now it's visible in the IIS.
I am able to configure security with the openssl certificates. But with the Godaddy certificates, I could not configure the secure mosquitto.
I got 3 files from Godaddy SSL,
2324145e73d34dad.crt
2324145e73d34dad.pem
gd_bundle-g2-g1.crt
As per the Godaddy site, the 1st one is Root certificate i.e ca.crt
3rd one is the intermediate / chain certificate.
But I want the server.crt and server.key to configure.
How can we configure the ssl with those files? Can we generate the server.key and server.crt with them?
You should already have the private key, you needed to use it to generate the CSR you sent to Godaddy to get the certificate signed.
2324145e73d34dad.pem sounds like it's your server certificate (which is what mosquitto wants)
From the man page:
certfile file path
Path to the PEM encoded server certificate. This option and keyfile must be present to enable certificate based TLS encryption.
The issue is with the private key encoding.
When we download the private key from GoDaddy, it is in UTF-8-BOM encoding, we need to change the Encoding to UTF-8.
On my Github enterprise when I install the SSL certificate with the key its displaying an error message:
"Github ssl cert The certificate is not signed by a trusted
certificate authority (CA) or the certificate chain is missing
intermediate CA signing certificates."
I was given from our certification authority team 4 certificates.
SSL certificate : github.pem
A set of 3 CA certificates : root, subca and subca2
On my Github enterprise management console, it needs 2 entries
A x509 SSL certificate
Unencrypted key
I have tried github.pem key alone and with different combination by concatenating CA certificates, but its failing always with the same error.
Is there a pattern to concatenate the certificate?
Any clue how i can resolve this?
Thanks in advance.
Please abide the following steps to add 3 certificates to your .pem file:
Open your domain certificate pem file in Notepad ++.
Add intermediate (DigiCertCA2.pem) certificate under Domain certificate.
Add root certificate (TrustedRoot.pem) to your domain certificate.
Save the .pem file that have the following 3 certificates (domain , intermediate, root).
Upload the modified certificate.pem file and the private key.
click on Save Settings.
I had the same issue.
When trying to load the PEM and Key files to GitHub Enterprise I got the same message. The cert was created using the exact same methods as I have done before, but was failing.
Github ssl cert The certificate is not signed by a trusted certificate authority (CA) or the certificate chain is missing intermediate CA signing certificates.
Steps I took:
Created a cert for the server (webserver with Private Key)
Exported from my users personal store (PFX including all certs in the path and export all extended properties)
C:\OpenSSL-Win64\bin> openssl.exe pkcs12 -in git_key_included.pfx -nocerts -out priv-key.pem -nodes
C:\OpenSSL-Win64\bin> openssl.exe pkcs12 -in git_key_included.pfx -nokeys -out cert.pem
C:\OpenSSL-Win64\bin> openssl rsa -in priv-key.pem -out server.key
I eventually figured it out by opening the PEM using Notepad++. The openssl commands work fine on the old exported cert, but swap around the ordering of the certs on the new exported cert. The broken cert had:
Primary SSL certificate
Root certificate
Intermediate certificate
Instead of the correct ordering of:
Primary SSL certificate
Intermediate certificate
Root certificate
So I swapped them around and it worked.
I have simple app runing on jboss server. I have following certificates:
Self Signed Root CA, intermediate CA 1 (signed by root), intermediate CA 2 (signed by root), .pfx certificate for my webpage. I had created a keystore with my .pfx certificate and added it to correct folder in jboss and modified http connection in server.xml file. Anyway when i acccess webpage i see warning triangle that CA is unknown. My question is how shoudl i configure jboss to make warning disappear? Soudl i add it to the trustore? or only way is to add it to Windows/web browser root store?
The browser's warning page appears because the self-signed certificate is not locally trusted. There is nothing that can be done on the server end to hide this warning.
You must put the certificate in the browser's trust store, or get a certificate from a certificate authority that is already trusted.
While I know nothing about SSL or installing SSL Certificates, I'm sure one of the many results Google will give me for CentOS, SSL certs and Apache would help.
However, the certificate files which have been provided for this project are a .pfx file, .cer (the certificate) file and a .txt (apparently a certificate request) file, none of which are mentioned in the articles I'm finding.. they all talk of .crt and .key files.
Is there a particular way I should be converting these files, presumably via openssl, into something I can use in Apache?
.pfx files tend to be PKCS#12 files (which will contain the private key, the certificate and possibly the issuer certificate chain). They're sometimes called .p12. OpenSSL can extract private key and certificate from PKCS#12 files (via its openssl pkcs12 command), you should be able to find documentation to do this, via Google or other questions on SO.