I'm trying to enable SSL on SOLR with a SAN cert - I ran the keytool.exe to generate the .jks file from the cert file. That process went fine. I copied the .jks file over to the /etc directory, and then I enabled SSL in solr.in.cmd file. Then when I try to access the site, it tell me: "The client and server don't support a common SSL protocol version or cipher suite." Is the issue with the cert, or issue with the way I generated the .jks file? Any help with this would be appreciated.
MORE INFO:
I learned that .cer files only contain the public key, and the private key is on the machine that generated the CSR. However, in this case, the machine that the cert is installed on is probably not the machine that the CSR was generated in. So, given this situation, how do I generate the keystore file to be used in SOLR?
Related
I got one certificate from the service provider ( We need to consume the service from server for single sign on)
certificate is p7b format certificate.
Dont know how to install it on apache. Can anyone help to install certificate.
I got allready one certificate on apache, that is crt certificate.
p7b file contains one or several certificates (which supposedly make a certificate chain in your case) without private keys. There's no need to install them on your server - these certificates are used to check the server's authenticity when you connect to it as a client. This is unrelated to your apache.
i've created a self signed CA with DSA using OpenSSL and created a .der file using x509 of openSSL.
I can create user certificate requests, verify them and create user certificates. can create signature and verify them also.
but what to do with the .der file? i can do all the above things with .cert or .pem files. .der supposed to be shown side to the browser address bar. how to install that?
i'm using PHP and Apache.
I think you should read that :
DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them
i got it. i need to install the .der in my server using config files of apache-openssl.
i've tried that with xampp. initially it worked for the 1st time. i installed the cert files in the browsers. and got the public shown for the page from the address bar.
later when i restarted apache, the whole xampp was crashed and i'was unable to start apache. i needed to re-install xampp and then i'm able to start apache again.
I am trying to move a website into Azure (Azure Website). I have everything moved, except the ssl isn't working. The error that comes up says
You attempted to reach [subdomain].[domain].com, but instead you actually reached a server identifying itself as *.azurewebsites.net ...
I think it may have something to do with my certificate. The cert is a UCC cert (multiple SAN) through GoDaddy. I did not rekey the cert when I moved the site from the old server to the Azure Website. The old server was managed using Parallels. Here is what I did to move the cert:
I logged into Parallels on the old server. I opened the SSL screen, where I could see the 4 parts of the cert (csr, private key, certificate, CA certificate). I copied the text for each of those (including the ---Begin Certificate--- and ---End Certificate--- lines. EDIT: the private key began with ---Begin RSA Private Key--- and ended with ---End RSA Private key), and I pasted the data to create 4 .txt files. I then renamed the txt files so that I had 4 files named CAcertificate.cer, certificate.cer, privateKey.pem, and cert.cer. They were all saved in the c:\ directory (root).
I then pulled up OpenSSL and ran the following command:
pkcs12 -export -in c:\certificate.cer -inkey c:\privateKey.pem -out c:\certificate.pfx -certfile c:\CAcertificate.cer
I entered a password twice, and out popped a certificate.pfx file.
I uploaded that file to my Azure Website. The UCC Cert applies to 4 subdomains. I have my Azure Website set up with only one of those subdomains as a domain name. After uploading the file, I went to SSL Binding, and chose that subdomain, matched it with the cert I just uploaded, and chose "SNI SSL." I saved it, and all looked good.
Unfortunately, when I browse to the subdomain, I get the error I listed at the beginning.
I have a CName set up to forward from that subdomain to the Azure Website. I also have an A record set up to point from that subdomain to the IP Address of the Azure Website. The site is pulling up as I would expect, except for the ssl certificate error.
Did I generate the .pfx file incorrectly? Is there something I need to change in Azure or my domain registrar? I noticed that I could download a .pem file from the parallels panel. It contained all 4 parts of the cert in one file. I didn't know what I could do with that.
A missing root or intermediate certification authority can cause this behavior as documented in this article (written by a Microsoft MVP).
This answer shows how to export the full certificate chain including the private key using OpenSSL for Windows.
If the certificate is already installed in your local Windows machine you can follow this guide and be sure to select
Yes, export the private key and
Include all certificates in the certification path if possible.
This will create a .pfx file containing your certificate, its private key as well as all intermediate and root CAs.
I am trying to prepare for the switch in the SSL certificate vendors.
For the the SSL validation, Our Tomcat web application uses a JKS file created from a DigiCert certificate ( *.cer files). Our company is now switching to VeriSign next week. Since they have already provided the new *.cer files, can I simply add the new cert ( using keytool) to the existing JKS so that it works for both certificates. I am trying to avoid any downtime during the switch and prepare the server beforehand?
Any helps will be much appreciated.
You must install the certificate onto the same keystore you created the CSR from as the private key resides there. Otherwise it will not work. Please reference the article below on instructions on how to import into a tomcat server:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR234&actp=search&viewlocale=en_US&searchid=1369174910074
While I know nothing about SSL or installing SSL Certificates, I'm sure one of the many results Google will give me for CentOS, SSL certs and Apache would help.
However, the certificate files which have been provided for this project are a .pfx file, .cer (the certificate) file and a .txt (apparently a certificate request) file, none of which are mentioned in the articles I'm finding.. they all talk of .crt and .key files.
Is there a particular way I should be converting these files, presumably via openssl, into something I can use in Apache?
.pfx files tend to be PKCS#12 files (which will contain the private key, the certificate and possibly the issuer certificate chain). They're sometimes called .p12. OpenSSL can extract private key and certificate from PKCS#12 files (via its openssl pkcs12 command), you should be able to find documentation to do this, via Google or other questions on SO.