I want to download Cpanel auto-generated SSL as key.pem and cert.pem, I don't find any download link in Cpanel, Any suggestion?
I have tried copying the certificate text in a text file and using it, but didn't work.
I have found the solution here:
How to get .pem file from .key and .crt files?
Summary: Cpanel offers to read the certificate and its key as a text in binary and in ascii formats.
Just copy the ASCII format ( starts with --begin ) and paste it in a text file, name this file as cert.pem, and you are done.
Same goes for the key.
It worked fine for me.
Related
I have purchased ssl certification for my website. As an initial process, I have created a CSR and KEY file and presented it to the certification provider. Upon receiving the certification, I have copied all the files including the .key, .csr, .crt files into a folder by name certs.
While removing unnecessary files from the drive, I accidentally deleted the certs folder also. I have the .crt files in my local machine, Can i retrieve the .key file and the cert folder.
I tried using extundelete and used the following command.
sudo extundelete --restore-directory /home/ubuntu/certs /dev/sda1
I don't understand the /dev/sda1 part. Is there any chance where I could retrieve the files? The folder was in EC2 Ubuntu instance.
Please help.
Forget the old certificate and get new free one via https://letsencrypt.org/
So I am trying to make my IIS8 webserver https, yet I can't seem to get it to work.
I have tried almost anything... but nothing seems to work.
DON'T WORRY THE FILES BELOW ARE FAKE!
PICTURE 1 KEY
PICTURE 2 PEM
First of all, what do I need to do with these 2? It says to save them as .key and .pem files, so I thought they mend: put the private key in a text file and save it as .key and same for the certificate and save it as .pem.
I tried to convert them to .pfx because that is what I need, right?
First I tried using openssl, but I saw a nice site, so I started using that instead: https://www.sslshopper.com/ssl-converter.html. That gave me an error at first, but then I saw cloudflare also had something called DER:
Which gave me an .CRT file if I downloaded it, so now I had a .PEM, a .KEY and an .CRT file, I went back to the website and used the .CRT file and the .KEY file, and put in a password!
Now I've gotten my .PFX file, which I wanted! I installed it on my windows server, but got this:
Why is it not verified?!
What files do I need to verify this?
Am I saving the files correct?
Within IIS you'll need to create a Certificate Signing Request (CSR) and export it.
In the Crypto app, scroll down to the Origin Certificates card and click 'Create Certificate'. Select 'I have my own private key and CSR', add the hostnames you'd like to be covered by the certificate. Once you've completed all the steps in the Wizard you can go back to IIS and click " Complete Certificate Request".
A step-by-step breakdown of these instructions is available on the Cloudflare Knowledge Base: Managing Cloudflare Origin CA certificates
Additionally, you'll need to install the Origin CA root certificates for CloudFlare on the server outline in Step 4 of the KB tutorial. This is fix the warning message:
Windows does not have enough information to verify this certificate.
There are two locations which these certificates may be installed: Current User or Local Machine.
To target the Current User open the certmgr.msc program, otherwise open certlm.msc
Expand 'Trusted Root Certification Authorities'
Right-click 'Certificates'
Select 'Import...' from the 'All Tasks' menu
Import both the ECC and RSA .pem files
How do you transfer a Godaddy SSL certificate to the Google Cloud Platform?
I am trying to setup an HTTPS load balancer on Google Cloud. I have an SSL certificate from Godaddy, but I'm not sure how to input it into Google Cloud. Google has a form to enter a public key, a certificate chain, and a private key all in .pem format (see screenshot below). Godaddy provides me with three files: (1) a file called #####.crt, (2) a file called gd_bundle-g2-g1.crt, and (3) an RSA private key.
I've seen other SO questions on converting .crt to .pem, but I'm not sure what what to do with the .pem files when I have them or which of these three files go into which box in the GCE console below.
This happened to me, good to know I'm not alone!
Plain and simple answer: Godaddy will give you a certificate file and a bundle file. They all come already on PEM format (as long as it says BEGIN CERTIFICATE you know it's PEM).
Copy and paste the contents of the #####.crt file on the "Public key certificate" field, it should display the correct information on the right side of the field.
Copy and paste the contents of the certificate bundle on the "Certificate chain". This file usually has 3 certificates on it.
Finally, copy and paste the contents of your private key on the last field.
Double check that your certificate is working correctly on both desktop and mobile. If it works on desktop but not mobile try again, it means you made a mistake filling the "Certificate chain" field.
Hope this helps!
AFAIK you dont need to convert the file to PEM, quite sure it is already a PEM file, to be sure do file gd_bundle-g2-g1.crt or file #####.crt the output should be something like PEM certificate, you copy you private key into the "Private Key", you take .crt file and copy to the "Public key Certificate" once you do this some information will appear on the right side of these box, in my case, I copied the same .crt file on the "Certificate Chain".
When using web2py, it asks a single ssl certificate file.
But what I got from Comodo are two files, one .crt file and one .ca-bundle file.
I tried with using only provide the .crt file when setting up web2py, in the beginning it works. But when I go to my website another day, it shows "This certificate cannot be verified up to a trusted certification authority."
My suspicion is that this is related to the case of not using the .ca-bundle file. So anyone knows how to use both files in web2py settings?
Finally got it working!
It turns out to be the Web2py 'One step production deployment' script is not complete. It leaves out the 'SSLCertificateChainFile' option when it configures the Apache server.
So by adding this line:
SSLCertificateChainFile = path_to_your_ca-bundle_file
Below the line 'SSLCertificateKeyFile /etc/apache2/ssl/self_signed.key' will do the work.
I got certificate for domain from www.startssl.com. I downloaded a copy of this cert and saved it as .p12 file.
Then using windows console, I exported certificate including private key to .pfx file, and after that I selected option "without private key", and exported public key to .cer file (using Base-64 algorythm).
Next, I converted .pfx to .pem file using OpenSSL. Now I've got two files - public and private key, and they can be both opened by notepad.
SSL on my domain can be established only by pasting two strings - public and private key. I done it and it didn't work - there was a warning saying that privat key is wrong. So I tried to merge both keys in startssl tool "Create PKCS#12 (PFX) File" - an error again. The same when I used OpenSSL to get pfx.
Why one p.12 file can be split into - finally - two keys, but after that they can't be merged again into one file?
What did I do wrong?
I'm going mad with it.
Many thanks for any help
p12 and pfx are actually same pkcs#12 format. usually, they don't just contain a private and a public keys, but also intermediate/root certificates. you can check this links out:
https://www.sslshopper.com/ssl-converter.html
http://fusesource.com/docs/esb/4.3/cxf_security/i298613.html