I requested a certificate from godaddy and I received 5 files.
generated-csr.txt
generated-private-key.txt
5d4965adef6f6ca8.pem
5d4965adef6f6ca8.crt
gd_bundle-g2-g1.crt
And on IBM Cloud SSL configuration board, I have to upload the following:
Certificate - Allowed file extensions: cert, cer, der, crt, pem, p7b, p7r, spc
Private Key - Allowed file extensions: key, pem, p8, pk8
Intermediate certificate (optional) - Allowed file extensions: cert, cer, der, crt, pem, p7b, p7r, spc
Client certificate trust store (optional) - Allowed file extensions: cert, cer, der, crt, pem, p7b, p7r, spc
I have tried different combinations but I can not get it to work. Even when it says that the upload was succsessful and I save it, when I try to acces my aplication url it says that the certificate is invalid and it shows an IBM certificate and not the godaddy certificate.
Related
I am able to configure security with the openssl certificates. But with the Godaddy certificates, I could not configure the secure mosquitto.
I got 3 files from Godaddy SSL,
2324145e73d34dad.crt
2324145e73d34dad.pem
gd_bundle-g2-g1.crt
As per the Godaddy site, the 1st one is Root certificate i.e ca.crt
3rd one is the intermediate / chain certificate.
But I want the server.crt and server.key to configure.
How can we configure the ssl with those files? Can we generate the server.key and server.crt with them?
You should already have the private key, you needed to use it to generate the CSR you sent to Godaddy to get the certificate signed.
2324145e73d34dad.pem sounds like it's your server certificate (which is what mosquitto wants)
From the man page:
certfile file path
Path to the PEM encoded server certificate. This option and keyfile must be present to enable certificate based TLS encryption.
The issue is with the private key encoding.
When we download the private key from GoDaddy, it is in UTF-8-BOM encoding, we need to change the Encoding to UTF-8.
I need to create a PEM file of a SSL (CA) certificate. Chrome does provide an option to view the certficate and export it as Base64 encoded X.509 (.CER)* file. In addition, the file extension can be changed to .PEM. Does the certificate only contain public information and can it safely be shared with other people (let's say colleagues)?
E.g. Stackoverflow contains a Root CA certificate. If I create the PEM file and share it with somebody, does it even matter or is there any security risk?
Background info: I need to export the SSL certificate (as .PEM) from an API endpoint in order to add it as trusted CA certificate in Postman.
I newer to configure SSL setup
I have .crt file and
CA signed files
Root CA Certificate
Intermediate CA Certificate
Intermediate CA Certificate
Your PositiveSSL Certificate
How should I create .jks file from the above files.I checked alot but didn't work for me
Can anyone help me out
or
I need to configure tomcat with ssl is there any other way to configure without .jks file please let me know
Lets'Encrypt provided me with a "Signed Certificate" and an "Intermediate Certificate". I had to create a private key domain.key for the domain before.
Now ListenAndServeTLS expects a certificate and a key file.
I guess the "keyfile" is the locally generated domain.key file but what do I do with a "Signed Certificate" and an "Intermediate Certificate" if ListenAndServeTLS expects two files?
As with most http servers, the Go tls server implementation only accepts a single file for the certificate. From the net/http documentation:
If the certificate is signed by a certificate authority, the certFile should be the concatenation of the server's certificate, any intermediates, and the CA's certificate.
All you need to do is concatenate the files together.
I am trying to set an HTTP load balancer with SSL.
I have two files - certificate.pem and unencryptedkey.pem.
But the UI of google asks for three fields:
Public key certificate,
Certificate chain,
Private key
What goes where and where do I get the third one?
I managed to use only 2 but the browser asks for permission and that is wrong.
When you buy the SSL certificate you should get some more files. In my case, I got a .ca file (certificate chain), a .crt file (the certificate), a .csr file (the request), and a .key file (your private key)
You need
public key => the crt file
certificate chain => your ca file(s concatenated)
private key => your .key
My guess is that you have created the certificates, i.e. you haven't purchased them from some certificate authority. With self-signed certificates browser warns you, since certificate validity can't be verified from a certificate authority.
If this is the case, you should do some learning regarding certificates and how they work.