Comodo Essentials SSL: Vestacp "SSL intermediate chain is not valid" - ssl

I'm trying to install Comodo Essential SSL via Vestacp. Here's what I did: I opened www_example_com.crt, copied the digest and pasted it into the SSL Certificate box. Then I opened www_example_com.key, which was used to generate the SSL at the beginning and starts with -----BEGIN PRIVATE KEY-----, and pasted the digest into the SSL Key box. Then I copied the digest of the other 3 files in this order into one file, copied the whole digest and pasted it into the SSL Certificate Authority / Intermediate box, but I get "SSL intermediate chain is not valid".
AddTrustExternalCARoot.crt
USERTrustRSAAddTrustCA.crt
SectigoRSADomainValidationSecureServerCA.crt
Final digest looks like this:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
I checked the certificate and the key and have no issue using https://www.sslshopper.com/certificate-key-matcher.html
I restored a backup, so the key file doesn't exist on the server now. Does it matter? It's the first time I've tried to install SSL, so please assist. Thanks in advance.

The Authority digest must be the content of these files in this order:
SectigoRSADomainValidationSecureServerCA.crt
AddTrustExternalCARoot.crt
USERTrustRSAAddTrustCA.crt

Related

How is an SSL certificate chain bundle arranged?

I have 4 certificate files like this:
1.certum_certificate.crt
2.certum_certificate.pem
3.Intermediate_CA2.cer
4.Intermediate_CA.cer
5.Root_CA.cer
I put the content of these files in this order in a bundle file and I figured out that my SSL chain is incomplete.
How should I arrange them in the bundle file?
Just concatenate the three parts into a single file like this (fullchain.pem):
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISA/UUyBjJ71fucZuvpiLsdfsfsdfsdfd
...
hoFWWJt3/SeBKn+ci03RRvZsdfdsfsdfw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinsdfsfsdfsdfdsfsdfsd
....
nLRbwHqsdqD7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBsdfSDFSDFVSDVzfsdffvqdsfgsT664ScbvsfGDGSDV
...
Dfvp7OOGAN6dEOM4+SDFSDZET+DFGDFQSD45Bddfghqsqf6Bsff
-----END CERTIFICATE-----
The order must be backwards. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it:
Original issuer —> Intermediate issuer 1 —> Final Root issuer which is a root certificate authority and can be trusted.
It's possible to have several intermediates: ...—> Intermediate issuer 1 —> Intermediate issuer 2 —>...
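The ordering rule in the answer above (end-entity certificate first, each following certificate certifying the one before it), shown as an added example that is not part of the original answers: it reorders a PEM bundle by matching each certificate's issuer name to the next certificate's subject name, reading those fields with a minimal DER walker. It compares names only and does not verify signatures; toy_cert and the "Example" names are constructed stand-ins for real certificates.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER issuer and subject Names of an X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)            # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(der, pos)          # tbsCertificate ::= SEQUENCE
    fields = []                             # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:                     # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def order_chain(bundle):
    """Return the bundle's PEM blocks leaf first, each followed by its issuer."""
    blocks = [(m.group(0), *issuer_and_subject(base64.b64decode(m.group(1))))
              for m in PEM_RE.finditer(bundle)]
    issuing = {iss for _, iss, sub in blocks if iss != sub}
    chain = [b for b in blocks if b[2] not in issuing]   # subject that issued nothing
    if len(chain) != 1:
        raise ValueError("expected exactly one end-entity certificate")
    by_subject = {b[2]: b for b in blocks}
    # walk issuer links; stops at a self-signed root or when the issuer is not in the bundle
    while chain[-1][1] in by_subject and by_subject[chain[-1][1]] not in chain:
        chain.append(by_subject[chain[-1][1]])
    if len(chain) != len(blocks):
        raise ValueError("bundle contains a certificate outside the chain")
    return [pem for pem, _, _ in chain]

def toy_cert(subject, issuer):  # constructed, unsigned, cert-shaped PEM for the demo only
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    name = lambda cn: tlv(0x30, tlv(0x0C, cn.encode()))
    tbs = tlv(0x02, b"\x01") + tlv(0x30, b"") + name(issuer) + tlv(0x30, b"") + name(subject)
    b64 = base64.b64encode(tlv(0x30, tlv(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----"

ROOT = toy_cert("Example Root CA", "Example Root CA")
INTER = toy_cert("Example Intermediate CA", "Example Root CA")
LEAF = toy_cert("www.example.com", "Example Intermediate CA")
```

For a real bundle, pass the file's text to order_chain and compare the returned order with the order in the file.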

Apache 2 SSL configuration

I received the following three sections from RapidSSL
Web Server CERTIFICATE
-----------------
-----BEGIN CERTIFICATE-----
BLABLABLA 1
-----END CERTIFICATE-----
INTERMEDIATE CA:
---------------------------------------
-----BEGIN CERTIFICATE-----
BLABLABLA 2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
BLABLABLA 3
-----END CERTIFICATE-----
How can I create the 3 files to configure Apache, like:
SSLCertificateFile /etc/httpd/conf/ssl.crt/your_leaf_certificate.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/your_domain_name.key
SSLCACertificatePath /etc/httpd/conf/ssl.chain/your_intermediate_chain.crt
I'm expecting to find this
-----BEGIN RSA PRIVATE KEY-----
but can't find it :(
The problem that you have is that you will have to download the certificate bundle from CertCentral. You will have to log in to digicert.com and get your certificates. Click Certificates > Click orders > select order > download cert.
After you download the certificate, you can use this tool called Utility Tool For Windows Tool
After that, you can import your cert into that tool, and you will be able to export it to get a pem file with your key as an individual file.
If you purchased this certificate through a third-party vendor, I would recommend that you get a new CSR and send it to them to make sure they can reissue your certificate.

vestacp error ssl intermediate chain is not valid

I am facing an issue in vestacp when passing the
SSL Certificate:
-----BEGIN CERTIFICATE-----
b5XsfsteyPAX9uLwiTctWC4TO9UsnjWKx2ZBt8q4WgQ5nrmkXUwv
-----END CERTIFICATE-----
SSL Key:
-----BEGIN RSA PRIVATE KEY-----
OOTW0NwF+ENrko9JHyLGZPOrk1w/+DElPHYZWMRXB/SJIsvehu/lgMpEEGgT
-----END RSA PRIVATE KEY-----
I have already checked my certificate with this link: https://decoder.link/
It shows me my certificate is valid.
You should do the following:
In the SSL Certificate field:
Paste the contents of the certificate issued to your domain. In Windows you can usually verify this by simply double-clicking (or opening) the .crt file. A window will pop up with information about the certificate. Just check under "Issued to:" and make sure it's issued to your domain.
In the SSL Key field:
Paste the contents of the key that was created during the generation of the CSR. It usually begins with -----BEGIN RSA PRIVATE KEY-----
In the SSL Certificate Authority/Intermediate field:
Paste the contents of the CA bundle certificate you received from your CA. That is the certificate without your domain name under "Issued to:" as explained in step 1.
Hope this helps someone. You can also read https://support.dnsimple.com/articles/what-is-ssl-certificate-chain/ to understand certificate chains.

SSL Intermediate SHA2

I've installed an SSL certificate on my website, but the intermediate.crt isn't working.
Any SSL checker (e.g. GeoTrust Checker) told me that an intermediate key is missing.
An SSL certificate was already in use on the website; only the switch from SHA1 to SHA2 is new.
I use this structure:
-----BEGIN CERTIFICATE-----
(Secondary Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Primary Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root certificate)
-----END CERTIFICATE-----
Who has an idea to solve this problem?
I solved it.
It was the wrong reference to the intermediate.

Create pfx file from Symantec code signing certificate

We have a password-protected pfx file, expiring in a few days, which we use to sign our exes.
We have renewed our SSL certificate from Symantec, but all we have received is a bunch of data:
Below is your Code Signing certificate:
-----BEGIN CERTIFICATE-----
base-64 encoded data
-----END CERTIFICATE-----
Below is the intermediate CA certificate:
-----BEGIN CERTIFICATE-----
base-64 encoded data
-----END CERTIFICATE-----
Below is your certificate in pkcs7 format:
-----BEGIN CERTIFICATE-----
base-64 encoded data
-----END CERTIFICATE-----
I have seen a few tutorials to create pfx files from .cer and .key files, but the fun part is, Symantec doesn't use the same terminology as the rest of the world. So I don't know which is which. And no single tutorial explains what should be in the files, so I can't go from there either. So, I don't know how to create the .key file, for instance.
Thanks!
It turns out that the main requirement is to install the certificate on a browser, from the computer that has made the request for a new certificate.
Then, most browsers (IE, FF, Chrome) can export it to PFX from the installed certificates list.
More info can be found here:
http://blog.ksoftware.net/2011/07/exporting-your-code-signing-certificate-to-a-pfx-file/
http://blog.ksoftware.net/2011/07/exporting-your-code-signing-certificate-to-a-pfx-file-from-firefox/
https://knowledge.verisign.com.sg/support/code-signing-support/index?page=content&id=AR190&actp=search&viewlocale=en_US&searchid=1360582675798