Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 6 years ago.
Improve this question
Follow up on the question that I asked here already.
I have Amazon AWS Instance running Windows 2013 server. I have used IIS 8 to generate CSR file. I have used that CSR file in godaddy.com for SSL certificates.
Go daddy gave me following files:
- somerandomhash.crt (2KB)
- gd_bundle-g2-g1.crt (5KB)
In my Sails.js (express.js) I have:
serverOptions : {
key: fs.readFileSync(my.key),
cert: fs.readFileSync(my.cert)
}
I have used http://www.selfsignedcertificate.com/ to create test certificate for my testing domain. That web site provided me with two files, key and cert that work just fine with (ip domain).
Now I need to used proper SSL and I have problems.
How do I update my configuration (serverOptions) to use files provided by godaddy? I do not see a key file anywhere.
IIS should've generated a key along with the CSR. http://www.entrust.net/knowledge-base/technote.cfm?tn=7905 Your SSL provider will not make a key for you, that'd be terribly insecure - you're the only one who's supposed to have a private key.
gd_bundle-g2-g1.crt is a certificate chain file, and should be added to serverOptions like so:
serverOptions : {
key: fs.readFileSync(my.key),
cert: fs.readFileSync(my.cert),
ca: fs.readFileSync(my.ca)
}
After lots of reading this is final solution:
I was getting the following error:
routines:PEM_read_bio:bad end line node.js
No matter what I do I always get that error. Other people who got same error, suggested to add extra enter on header and footer of the request. In my case it did not help. What helped me is Notepad++ and EoL conversion.
I guess you can do it with other editors, but I used Notepad++. Just edit-->EoL Conversion and make sure Windows is selected.
Hopefully it will save time for other people who experience the same problem.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
we have two domains, A and B, where I'm looking to get DomainA to redirect all requests to DomainB. There is no server behind DomainA. I've followed this tutorial exactly as presented on Cloudflare:
https://community.cloudflare.com/t/redirecting-one-domain-to-another/81960
And it works just fine for non-https traffic. Attempting to go to https://domaina.com gives me NET::ERR_CERT_COMMON_NAME_INVALID while http://domaina.com redirects to https://domainb.com just fine.
My page rules reflect the tutorial - that is *domaina.com/* 301 redirects to https://domainb.com/$2
My SSL options in Cloudflare is set to "Full". The orange clouds are on as well for both # and www on DomainA which currently are A records. I've tried CNAME as well. Has anyone else run into this before? What might I be doing wrong?
Try setting your SSL option to "Flexible" instead. Since your domain A doesn't have SSL setup, "Full" wouldn't work as it requires SSL on the origin server as well.
Free Clouflare plan will give you "Free certificate".
The Free Certificate's Common Name is always pointed to sni.cloudflaressl.com.
You can't change the common name unless you order Advanced Certificate Manager for $10/month.
You can see Advanced Certificate Manager in SSL > Edge Certificates > Order Advanced Certificate:
Sample "Free Certificate":
The certificate's common name is set to sni.cloudflaressl.com but it is valid to all major OS and browser because the Subject Alternative Name (SAN) in the certificate contains your domain.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
My client's company internal CA provided a *.cer file.
I already installed this file in the our server using MMC but I also need to add the .crt and .key files to the apache configuration.
How can I get the .crt and .key file from the .cer file that the CA issued?
A .cer file is a certificate file. It contains a certificate either in DER format (binary) or PEM format (the same DER formatted binary, base 64 encoded, with header and footer). Usually there is no difference between .cer and .crt: they represent the same (X.509v3) certificate.
Generally you create the key pair, then a certificate request which you send to the CA. You get back a certificate for that particular key pair that you created and - hopefully - stored somewhere secure. If you didn't store the private key securely you're out of luck and you should start over again.
I am posting this question on SO instead of ServerFault, because all my previous efforts to get Magento 2 issues sorted out, ended up being hacking some or other code in the Magento or template source.
I have configured a basic install of Magento 2 with a theme for a client.
Magento is running on IIS and Windows. (Not WAMP), shared IIS hosting on windows (My own server).
I configured the shop to use SSL, and the complete shop runs over SSL without any issues.
However, when trying to use the market place, I get a weird SSL issue:
"SSL certificate problem: unable to get local issuer certificate"
This error is shown on the Magneto shop (which is currently running over ssl), when trying to sign in to the market place.
I have found lots of hits on this issue, but all answers seem to lead to a self-signed certificate that isn't trusted or adding intermediary and/or root certificates. This is all based on XAMP, WAMP or native 'nix installations.
I do not understand what the exact issue is. I also do not know how to troubleshoot this further as the error description is very vague.
I would appreciate some feedback.
Thanks
This error happens because cURL cannot find a cacert.pem file from which take the trusted signatures.
There are some ways to set this file in cURL:
• Pass the cacert.pem file path directly to cURL when making the call;
• Set the path to the cacert.pem file in the php.ini.
You could follow below post:
• https://serverfault.com/questions/633644/adding-a-self-signed-cert-to-the-trusted-certs-within-curl-in-windows
• https://magento.stackexchange.com/questions/97036/magento-component-manager-ssl-certificate-problem-unable-to-get-local-issuer-c
• https://mage2.pro/t/topic/988
Regards,
Jalpa.
This question already has an answer here:
https lock and company name in address bar
(1 answer)
Closed 6 years ago.
I do have a website that has an SSL certificate installed when I visit the website I see the look icon like this :
But in some other websites I see the full company description right after the look icon like below :
So my question is : is there a special config that I need to do to my SSL certificate to be able to show my company name after the look icon?
Thanks.
These are two different types of SSL certificates
The first one is either a DV (domain-validated) or an OV (organization-validated). Only the EV (extensive validation) certificate results in the naming of entity being displayed in the browser.
EV certificates are generally more expensive (because of the more detailed validation process) and they requires more time to be issued.
It is worth to mention that, from an encryption point of view, all these 3 tyoes of certificates provide the same level of security.
I have a problem with a self-signed SSL certificate not being accepted on my Windows 7 box. I need this because the QuickBooks web connector will not address my CRM except over HTTPS, and the CRM is hosted on an intranet-only Linux server.
I followed the instructions here, and then used certmgr.msc to import the certificate on the client machine. The import appeared to be successful, and I can see the certificate in the "Trusted Root" store:
The problem is that it doesn't work; QBWC still reports it can't connect due to an authentication error, and my browser still rejects the certificate:
Could someone please give me an idea what I'm doing wrong? Thanks in advance!
The correct answer was propounded by #RickK - I had issued the certificate in my own name, instead of the domain of the server. The prompts in Apache make this rather confusing; it really looks like you're supposed to put your own name in the "Common Name" field, and the tutorial I followed seems to advise the same thing.
Anyway, I reissued the certificate, changing the CN field to "apps," and everything is working now. Thanks to #RickK and #pulkitsinghal for your helpful input. (And sorry for the delay in my response - this project got pushed to the back burner for awhile.)