I bought an SSL certificate to apply to my site, which is hosted on a DigitalOcean VPS.
When I bought SSL, Rapid SSL emailed the keys with that email.
In that mail they mentioned public.crt and intermediate.crt, but they did not provide me any private.key.
But in their installation guide they wrote this:
SSLCertificateFile /usr/local/ssl/crt/public.crt
This will need to point to your SSL certificate itself that we issued to you
SSLCertificateKeyFile /usr/local/ssl/private/private.key
This will need to point to the private key file associated with your certificate.
SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
This will need to point to the intermediate file
Now how can I get this private.key file?
Thanks in advance...
You must have started with a private key of your own. The process goes like this:
You create a keypair.
You create a Certificate Signing Request (CSR) which wraps the public key.
You submit the CSR.
They sign it and send back the signed certificate and their own certificate chain.
You couldn't have got to first base without a private key.
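The process in the answer above, run end to end with openssl as an added example (not part of the original answer): a throwaway CA constructed on the spot stands in for the vendor, and example.test and the temporary directory are placeholders. It also shows the check that tells you whether a key file on disk belongs to a given certificate.

```shell
#!/bin/sh
# Added example, not from the thread. example.test, the temp directory and the
# "Constructed Test CA" are placeholders; the throwaway CA plays the vendor's role.
set -eu

# Public key (PEM) held by a private key, a CSR and a certificate.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_csr()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# True only when both keys were extracted and are identical.
same_pubkey() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# The check to run before pointing SSLCertificateKeyFile at a key file.
key_matches_cert() { same_pubkey "$(pub_of_key "$1")" "$(pub_of_cert "$2")"; }

# You: create the keypair and the CSR. private.key is written here, on your
# own machine, and is never sent to the CA.
make_key_and_csr() {  # $1 = directory, $2 = common name
  ( umask 077
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$1/private.key" 2>/dev/null )
  openssl req -new -key "$1/private.key" -subj "/CN=$2" -out "$1/request.csr"
}

# The CA (simulated): sign the CSR and hand back public.crt plus its own
# certificate, which is the role intermediate.crt plays in the question.
fake_ca_sign() {  # $1 = directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$1/ca.key" -out "$1/intermediate.crt" 2>/dev/null
  openssl x509 -req -in "$1/request.csr" -days 1 -CAcreateserial \
    -CA "$1/intermediate.crt" -CAkey "$1/ca.key" -out "$1/public.crt" 2>/dev/null
}

demo() {
  d=$(mktemp -d)
  make_key_and_csr "$d" example.test
  fake_ca_sign "$d"
  key_matches_cert "$d/private.key" "$d/public.crt" && echo "private.key matches public.crt"
  key_matches_cert "$d/ca.key" "$d/public.crt" || echo "ca.key does not match public.crt"
  openssl verify -CAfile "$d/intermediate.crt" "$d/public.crt"
  rm -rf "$d"
}
demo
```

If `key_matches_cert` fails for every key you hold, the key that produced the CSR is gone, and the fix is a new keypair, a new CSR and a reissue of the certificate.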
Related
So, I bought an SSL Certificate from GoDaddy for one of my domains. It gave me one generated-csr.txt and generated-private-key.txt. I've been looking for a while on how to deploy a CSR certificate, but couldn't find any that is understandable. Even GoDaddy itself uses the .crt format in their tutorial.
Also, they use SSLCertificateChainFile, and I don't know if I am supposed to chain my private key and CSR to get this or what?
URL: https://au.godaddy.com/help/manually-install-an-ssl-certificate-on-my-apache-server-centos-5238
Can someone explain, how do I deploy my certificate manually to apache2?
It must be something really simple but right now I am not getting anywhere with this (I am not a network geek but a programmer).
We are trying to secure web services created between our server and a vendor. Our vendor is asking to send them the public key for an SSL certificate to secure requests and responses in our web services.
What I did
I forwarded the following to our hosting provider but they only provide SSL certificate for websites and didn't give any clear clue to what to do next.
Create a Certificate Signing Request (CSR) with any CN
Have CSR signed from CA
Merge the signed cert file with the CSR to create the actual certificate
Extract the public and private certificates
What I need
All I need is a simple set of instructions on what I should do or where I can get/purchase this certificate.
Thanks,
I used this blog to get a Let's Encrypt certificate for an apache2 server on Windows via letsencrypt-win-simple's manual mode. The tool reports success and all files were generated; however, I can't find any documentation on what is what. My apache2 has a temporary self-signed certificate installed with a self-generated private key. I assume the tool created an entirely new private key and certificate signing request and did not use the existing private key to verify my certificate? Sorry for my confusion, but I just found explanations that show how confusing and flexible the formats can be used.
The tool generated the following (- my assumption what the file is):
myurl.com-key.pem - Private key generated to encrypt the certificate signing request (csr) with?
myurl.com-csr.pem - The unsigned csr file?
myurl.com-gen-csr.json - Signed csr file in json to send to the CA?
myurl.com-gen-key.json - Public key to send to the CA?
myurl.com-crt.pem - My certificate?
myurl.com-crt.der - This file is encrypted, but why and what's the difference to myurl.com-crt.pem?
myurl.com-chain.pem - The chain of CAs used to create the certificate?
myurl.com-all.pfx - An encrypted file containing everything? Do I need to generate the files for my apache2 from this via openssl or can I use the others?
ca-CRYPTICODE-crt.pem - Another certificate? Or is this the final result? But what is myurl.com-crt.pem then?
ca-CRYPTICODE-crt.der - Another certificate?
Registration - Probably used for the registration process and not required anymore?
Signer - Probably used for the registration process and not required anymore?
Which files do I need to configure my apache2 with? Which files are private and never shared with anyone?
myurl.com-crt.pem - this is the SSLCertificateFile
myurl.com-key.pem - this is the SSLCertificateKeyFile
ca-CRYPTICODE-crt.pem - this is the SSLCertificateChainFile
These 3 files you should specify in apache virtual host configuration.
myurl.com-key.pem - Private key generated to encrypt the certificate signing request (csr) with?
Private key to sign the CSR and use in association with the eventual certificate.
myurl.com-csr.pem - The unsigned csr file?
myurl.com-gen-csr.json - Signed csr file in json to send to the CA?
Correct.
myurl.com-gen-key.json - Public key to send to the CA?
Don't know what it is but the CA doesn't need your public key: it is already in the CSR.
myurl.com-crt.pem - My certificate?
Correct.
myurl.com-crt.der - This file is encrypted, but why and what's the difference to myurl.com-crt.pem?
No, this is another representation of the .pem file. It isn't encrypted.
myurl.com-chain.pem - The chain of CAs used to create the certificate?
Correct.
myurl.com-all.pfx - An encrypted file containing everything?
Correct.
Do I need to generate the files for my apache2 from this via openssl or can I use the others?
You can use this as a PKCS#12 keystore with Java, or the others with Apache HTTPS.
ca-CRYPTICODE-crt.pem - Another certificate? Or is this the final result?
Looks like another CA certificate. Have a look at it with some PEM utility.
But what is myurl.com-crt.pem then?
Your signed certificate.
ca-CRYPTICODE-crt.der - Another certificate?
DER form of ca-CRYPTICODE-crt.pem.
Registration - Probably used for the registration process and not required anymore?
Signer - Probably used for the registration process and not required anymore?
Pass. Probably used in the Let's Encrypt registration or verification process.
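The answer's point that the .der file is just another encoding of the .pem file, and that the .pfx wraps the same certificate, shown as an added example (not part of the original answer). The file names follow the question; the certificate, key and password are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. The certificate, key and the password
# "constructed-password" are constructed; file names mirror the question.
set -eu

# PEM files carry a text armour line; DER is the same ASN.1 as raw binary.
cert_format() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then echo PEM; else echo DER; fi
}

# SHA-256 fingerprint of the certificate, whichever encoding the file uses.
cert_fingerprint() {
  openssl x509 -inform "$(cert_format "$1")" -in "$1" -noout -fingerprint -sha256 |
    cut -d= -f2
}

# Fingerprint of the leaf certificate inside a PKCS#12 bundle.
# $1 = .pfx file, $2 = its password (outside a demo, prefer -passin file:...).
pfx_cert_fingerprint() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Build constructed stand-ins for three of the tool's output files in $1.
make_sample_files() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=myurl.com" \
    -keyout "$1/myurl.com-key.pem" -out "$1/myurl.com-crt.pem" 2>/dev/null
  openssl x509 -in "$1/myurl.com-crt.pem" -outform DER -out "$1/myurl.com-crt.der"
  openssl pkcs12 -export -inkey "$1/myurl.com-key.pem" -in "$1/myurl.com-crt.pem" \
    -passout pass:constructed-password -out "$1/myurl.com-all.pfx"
}

demo() {
  d=$(mktemp -d)
  make_sample_files "$d"
  for f in "$d/myurl.com-crt.pem" "$d/myurl.com-crt.der"; do
    echo "$(basename "$f"): $(cert_format "$f") $(cert_fingerprint "$f")"
  done
  echo "myurl.com-all.pfx: PKCS#12 $(pfx_cert_fingerprint "$d/myurl.com-all.pfx" constructed-password)"
  rm -rf "$d"
}
demo
```

All three lines print the same fingerprint. Of these files, only the -key.pem and the .pfx contain the private key and must stay private.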
I have had this problem for about a week now. My client asked me to renew the SSL certificate, which has already expired. I have followed a lot of tutorials already but nothing helped me.
I have these certificates provided:
Private Key
Intermediate Certificate
CSR
Public Certificate
The server is Amazon and uses Apache/HTTPD
I saved the private key as .key file and the rest is .crt
By the way, I set up the ssl.conf because that is where the Virtual Host is located.
I saved my certificates in /etc/httpd/conf/ssl.cert/
I saved my keys in /etc/httpd/conf/ssl.key/
and the location of my ssl.conf: /etc/httpd/conf.d/ssl.conf
My questions are:
What's the usual way of renewing SSL Certificates?
What's all I need to renew it?
Can I do it only on the FTP client or do I need to go to my AWS page and set it up there?
I am really desperate to get out of this embarrassment. I hope someone would help me do it. Thanks in advance.
You need to create a CSR (certificate signing request) that contains the server's information. (There are many, many guides on how to do this using openssl.) You then purchase an SSL certificate from your certificate issuer of choice and provide them with the CSR. When your order is complete they will issue you an SSL certificate that you can download and install in Apache. If you go to the issuer of the original certificate they will likely have a renew process that will walk you through all of the steps.
I am trying to set up an HTTP load balancer with SSL.
I have two files - certificate.pem and unencryptedkey.pem.
But the UI of Google asks for three fields:
Public key certificate,
Certificate chain,
Private key
What goes where and where do I get the third one?
I managed to use only 2 but the browser asks for permission and that is wrong.
When you buy the SSL certificate you should get some more files. In my case, I got a .ca file (certificate chain), a .crt file (the certificate), a .csr file (the request), and a .key file (your private key).
You need:
public key => the crt file
certificate chain => your ca file(s concatenated)
private key => your .key
My guess is that you have created the certificates, i.e. you haven't purchased them from some certificate authority. With self-signed certificates the browser warns you, since certificate validity can't be verified from a certificate authority.
If this is the case, you should do some learning regarding certificates and how they work.