I have a new SSL certificate to install (IIS7) but when I do complete certificate request I get 'Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where the request was created'. The request was generated on 123-reg and not on the server. I have a .pem and public and private keys from 123-reg but I don't know what to do with them to get them installed on the server so I can complete the request!
Can anyone point me in the right direction please :)
When you create a certificate request you also get a CSR file with the request which is sent to the certification authority.
Read this post for a full explanation of all files involved in the certification process.
In your case it seems that the server is complaining maybe because your domain does not match the input you provided the certificate request. Maybe your CSR is configured for mydomain.com but IIS is configured for somthing like localhost or an IP. Check that out.
Related
I secure successfully a Nifi Node (localhost) with SSL but I have always a yellow padlock in my browser as you can see in the pic here
Do you have any idea?
Thanks
If you used an untrusted certificate then this is expected behavior. You would have to purchase a real certificate for a real domain name in order for the browser to not warn you.
I see the description below:
Standalone : generates the certificate authority, keystores, truststores, and nifi.properties files in one command
Client/Server mode : uses a Certificate Authority Server that accepts Certificate Signing Requests from clients, signs them, and sends the resulting certificates back. Both client and server validate the other’s identity through a shared secret.
Standalone and client, both generate the certificate authority, keystores, truststores.
Sorry, I don't see the difference.
I got this problem for about a week now, My client ask me to renew the SSL certificate which expired already. I followed a lot of tutorials already but nothing help me.
I have this certificates provided:
Private Key
Intermediate Certificate
CSR
Public Certificate
The server is Amazon and uses Apache/HTTPD
I saved the private key as .key file and the rest is .crt
By the way, I setup the ssl.conf because that is where the Virtual Host is located.
I saved my certificates in, /etc/httpd/conf/ssl.cert/
I saved my keys in, /etc/httpd/conf/ssl.key/
and the location of my ssl.conf: /etc/httpd/conf.d/ssl.conf
My questions are:
What's the usual way on renewing SSL Certificates?
What's all I need to renew it?
Can I do it only on the FTP client or I need to go to my AWS page and set it up there?
I am really desperate to get out of this embarrassment. I hope someone would help me do it. Thanks in advance.
You need to create a CSR (certificate signing request) that contains the server's information. (There are many, many guides on how to do this using openssl.) You then purchase a SSL certificate from your certificate issuer of choice and provide them with the CSR. When your order is complete they will issue you a SSL certificate that you can download and install in Apache. If you go to the issuer of the original certificate they will likely have a renew process that will walk you through all of the steps.
I have installed SSL Certificate manually that I had brought from Godadday. It installed successfully but it shows self signed certificate which is not trusted or displays cross on https.
What is the solution ?
It is showing because it does not recognized the certificate that you get from Godaddy.
The CSR certificate has to upload on your site and make changes on apache config file.
Make sure your CSR file should not match with the private key that you submitted to verify your site.
Installing a SSL certificate requires some server administration knowhow, especially updating web server configuration.
DigitalOcean has a great tutorial on how to install a SSL certificate from GoDaddy: https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority#example-ca-2-godaddy
Maybe it helps.
To check if you installed it correctly, you can use Qualys SSL Server Test at https://www.ssllabs.com/ssltest/index.html
I made HTTP proxy server. But the problem that I can't decrypt SSL traffic.
I found that Fiddler install Trust Root Certificate. I did the same and now I don't have error that certificate untrusted but I got other error: wrong Common Name (CN). How fiddler change the CN of installed trusted certificate?
Will appreciate any answer.
Fiddler acts as an SSL termination proxy.
I.e. the connection goes like this:
Browser ---(SSL handshake)---> Fiddler --- (SSL handshake) ---> Actual Site
So your connection is first time encrypted and sent to Fiddler, where it is first decrypted by Fiddler and then again encrypted to be sent to the actual site that you access.
Additionally when you access a site Fiddler automatically generates a server certificate with a CN that is equal to the host name of the site and this certificate is signed by the CA of fiddler That's why Fiddler needs to install a set of trusted CAs in your browser so that the first SSL handshake can be made against a trusted authority.
I'm trying to install a Comodo SSL certificate on a shared server, which has directadmin installed. I have assigned the user an unique ip address, made the CSR request and uploaded the certificate.
In directadmin I get the response that both the certificate and private key are saved. Unfortunately, when I browse to the https://www.domain.com I get a SSL error, saying that the certificate is untrusted, because it is self-signed.
I'm confused why this error occurs. It seems to me that I followed the correct steps to install the Comodo ssl certificate. I also tried deleting the private key and certificate through the command line on the server. But this does not seem to resolve the error.
What direction should I be looking into solving this issue?
Check if you installed the intermediate certificate. You have to list one or more intermediate certificates in the field for your public key.
You can also use the GlobalSign OneClickSSL plugin for DirectAdmin and let the plugin do everything for you automatically.
See: https://www.globalsign.com/ssl/oneclickssl/directadmin/
And: http://www.youtube.com/#/watch?v=tVP9i6Ing1M