HTTPS is displayed with a red crossed-out line on AWS Ubuntu - Apache

I have generated a .key file, a .csr file and a .crt file by following this URL:
https://serversforhackers.com/self-signed-ssl-certificates
I skipped the steps for the shell script file.
All 3 files were generated successfully and the SSL host was generated successfully. Now when I open my domain with https, it displays some success part and some error part, like the following image:
When I click on certification information, it shows the following info
What am I missing?

You created a self-signed certificate. That's what the browser is going to show for a self-signed cert. If you don't want a browser warning you will have to use a certificate from a verified certificate authority.

Related

Go Daddy SSL certificate disappear in IIS After Installing

I am trying to install the SSL certificate on IIS. I am following the exact steps mentioned here: https://pk.godaddy.com/help/manually-install-an-ssl-certificate-on-my-iis-10-server-27349.
Steps I did:
I purchased the SSL certificate from Go Daddy
I configured that on Go Daddy by giving the domain name
Submit the changes for getting the certificate
After verification downloaded the certificate
Created .Cer file from the .crt file
Imported the gd-g2_iis_intermediates.p7b in MMC under the intermediate certificate authority
Create a request in IIS and import .Cer file
After refreshing that window, the certificate doesn't appear
Am I doing something wrong in this?
So the thing is, I was facing an issue because I wasn't able to produce the .pfx file from my machine using MMC, but the DigiCert tool helped me to create the .pfx file from the .crt file I got from Go Daddy. Instructions to create the file are at this link:
https://www.digicert.com/kb/util/pfx-certificate-management-utility-import-export-instructions.htm
Later I went to the MMC and to the intermediate certificate authority and I imported the .pfx file along with the password and the certificate got exported to the system and to the IIS and now it's visible in the IIS.

How do I install SSL? No Key or CA, Only CRT

I have a VPS with Apache2.
I have installed SSL before on my websites, but always from freeSSL or ZeroSSL; they give me 3 files:
Private.key
ca_bundle.crt
certificate.crt
I replace them for the old ones and all is peachy (I configured it once and just replace the files on reactivation).
Now I have issued a year long SSL service from Comodo SSL, and they send me a mail with this information:
"Thank you for placing your order. We are pleased to announce that your PositiveSSL Certificate for * has been issued.
Attached to this email you should find a .zip file containing:
Root CA Certificate - AAACertificateServices.crt
Intermediate CA Certificate - USERTrustRSAAAACA.crt
Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt
Your PositiveSSL Certificate - ***.crt
You can also find your PositiveSSL Certificate for ** in text format at the bottom of this email."
And I really have no idea what to do... I tried Google but can't find any guide; they talk about CSR or other things and I just want to install this and forget about it for a year like I did before for 90 days...
Please help me, I need to have SSL running for my Magento 2 installation to work.
To use a certificate you need the certificate file itself (.crt) AND the key file (.key) (extensions may vary but, as you know, on Linux it doesn't matter): if you're missing one of these, you're pretty much screwed.
To get a certificate, the following steps are necessary:
a key file needs to be generated
from the key file a CSR is generated
the CSR is signed by a CA (for you it's Comodo) and the result is the certificate file
The key file and the CSR can be generated by you (who are requesting the new certificate) or (in this case) by Comodo during the procedure you followed. According to what you wrote, probably, during the procedure you were asked to provide a key or let them generate one, and you picked the 2nd option.
I've never used Comodo so I don't know how their interface works but IMHO you have 2 options: login with your account and look for an area where you can download the certificate and check for the possibility to download the key too OR contact them and ask for support to download the key file.
There is no way to use the certificate file without a key file.
I generated the certificate using an option of my webhosting service (Hostinger) to buy a comodo SSL certificate, as I said the email of Comodo didn't give me the key file BUT, after some hours the comodo ssl service started showing on my webhosting control center and going through some menus I reached a button called "download SSL", that downloaded a ZIP with the same files PLUS the key file. This was very random and nowhere stated, and I found it by coincidence but is solved. Thanks. The other option was to reach Comodo or Hostinger for help.
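An added example, not part of the posts above and not any CA's or host's own tooling: once the key file has been located, these shell functions confirm that it really belongs to the issued certificate and that the leaf and intermediate certificates are concatenated in issuer order before Apache is pointed at them. The function names are hypothetical; PEM files and an unencrypted private key are assumed.

```shell
#!/usr/bin/env bash
# Added example: checks to run before pointing Apache at a CA-issued certificate.
# Assumes PEM files and an unencrypted private key.

# PEM public key embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# PEM public key derived from a private key (RSA or EC).
key_pubkey() { openssl pkey -in "$1" -pubout; }

# Succeeds only if the private key belongs to the certificate.
# usage: key_matches_cert certificate.crt private.key
key_matches_cert() {
    local c k
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ "$c" = "$k" ]
}

# Succeeds only if each certificate names the next one as its issuer.
# This compares names (issuer hash vs. subject hash), not signatures.
# usage: chain_in_order leaf.crt intermediate1.crt [intermediate2.crt ...]
chain_in_order() {
    local prev="$1" next issuer subject
    shift
    for next in "$@"; do
        issuer=$(openssl x509 -in "$prev" -noout -issuer_hash) || return 2
        subject=$(openssl x509 -in "$next" -noout -subject_hash) || return 2
        [ "$issuer" = "$subject" ] || return 1
        prev=$next
    done
}

# Write leaf + intermediates (root left out) to one PEM file, refusing a
# mis-ordered chain. With the files from the e-mail the order would be:
#   <your>.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt
# usage: build_fullchain out.pem leaf.crt intermediate1.crt [...]
build_fullchain() {
    local out="$1"
    shift
    chain_in_order "$@" || { echo "chain is out of order" >&2; return 1; }
    cat "$@" > "$out"
}
```

On Apache 2.4.8 and later the file written by build_fullchain can be given to SSLCertificateFile, with the matching key in SSLCertificateKeyFile.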

Enable SSL on SOLR with existing cert

I'm trying to enable SSL on SOLR with a SAN cert - I ran keytool.exe to generate the .jks file from the cert file. That process went fine. I copied the .jks file over to the /etc directory, and then I enabled SSL in the solr.in.cmd file. Then when I try to access the site, it tells me: "The client and server don't support a common SSL protocol version or cipher suite." Is the issue with the cert, or with the way I generated the .jks file? Any help with this would be appreciated.
MORE INFO:
I learned that .cer files only contain the public key, and the private key is on the machine that generated the CSR. However, in this case, the machine that the cert is installed on is probably not the machine that the CSR was generated in. So, given this situation, how do I generate the keystore file to be used in SOLR?

JMeter through an external proxy keystore configuration

I am about to test web application with JMeter. I have already recorded and parametrized scripts and these seem to be working fine.
Problem is, that one of the requirements is to redirect the traffic through mitmproxy.
I already found solution on how to redirect the traffic to the desired proxy:
How to set proxy for JMeter from behind another proxy?
To manually go through the scenario I am setting manual proxy configuration in my Firefox browser, then navigate to mitm.it and if proxy is enabled I get the client side certificate to download. Once trusted, all traffic goes through this proxy instance.
Problem is that certificate downloaded from here is with .crt extension and this is the only form of authentication - no signatures, no passwords and so on.
I am just wondering how to make this proxy trust JMeter requests?
Adding this certificate to existing keystore will do fine? If so, I could not find unambiguous tutorial on how to extend keystore with the certificate having no password and the key.
Any suggestions?
PS. I tried following http://www.middlewareguru.com/mw/?p=478 - but it states: "The key store must have at the least one x509 certificate and private key" -> problem is that I have only certificate, no private keys and it works perfectly for Firefox, but have no idea how keystore will behave in such scenario (my proxy is down as for now, but I would like to be ready with the approach before it's up and running again).
1. You need to convert your .crt file into a .p12 file which JMeter can "understand", using e.g. OpenSSL like:
    openssl pkcs12 -export -in certificate.crt -inkey inkey.key -out certificate.p12
2. Once done, you can add the following line to the system.properties file (located in the "bin" folder of your JMeter installation):
    javax.net.ssl.keyStore=/path/to/certificate.p12
3. Restart JMeter to pick the change up.
You can also use SSL Manager instead of steps 2 and 3, but using system properties is way more convenient.
References:
The Most Common OpenSSL Commands
How to Set Your JMeter Load Test to Use Client Side Certificates

OpenSSL what to do after creating the CA certificate

I've created a self-signed CA with DSA using OpenSSL and created a .der file using the x509 command of OpenSSL.
I can create user certificate requests, verify them and create user certificates. I can create signatures and verify them also.
But what to do with the .der file? I can do all the above things with .cert or .pem files. The .der is supposed to be shown beside the browser address bar. How to install that?
I'm using PHP and Apache.
I think you should read this:
DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them
I got it. I need to install the .der on my server using the config files of apache-openssl.
I've tried that with XAMPP. Initially it worked the 1st time. I installed the cert files in the browsers and got the public shown for the page from the address bar.
Later, when I restarted Apache, the whole XAMPP crashed and I was unable to start Apache. I needed to re-install XAMPP and then I was able to start Apache again.