I am attempting to try to install my SSL certificate on a server and I have lost my key file that was generated when I was creating the CSR file for the SSL application. I am fairly certain that this is a unique file and simply creating a new CSR file wont make the key file that I need. Is there anything that I can do to get the same key and CSR file that I had before? I used godaddy to get the certificate if that makes any difference.
No, there's nothing you can do without the original key. Some CAs will reissue a certificate due to a lost key, others you'll be paying again.
yes there is a solution. Go to your godaddy account, ssl certs, and re-key it. Before this you have to create a new key and CSR. When you have the CSR, do what i said above logging to godaddy
Related
I have a VPS with Apache2.
I have installed SSL before in my websites, but always form freeSSL or ZeroSSL, they give me 3 files:
Private.key
ca_bundle.crt
certificate.crt
I replace them for the old ones and all is peachy (I configured it once and just replace the files on reactivation).
Now I have issued a year long SSL service from Comodo SSL, and they send me a mail with this information:
"Thank you for placing your order. We are pleased to announce that your PositiveSSL Certificate for * has been issued.
Attached to this email you should find a .zip file containing:
Root CA Certificate - AAACertificateServices.crt
Intermediate CA Certificate - USERTrustRSAAAACA.crt
Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt
Your PositiveSSL Certificate - ***.crt
You can also find your PositiveSSL Certificate for ** in text format at the bottom of this email."
And I really have no Idea what to do... I tried Google but can't find any guide, they talk about CSR or other things and I just want to install this and forget about it for a year like I did before for 90 days...
Please help me, I need to have SSL running for my Magento 2 installation to work.
To use a certificate you need the certificate file itself (.crt) AND the key file (.key) ( Extensions may vary but, as you know, on linux it doesn't matter): if you're missing one of these, you're pretty much screwed.
To get a certificate, the following steps are necessary:
a key file needs to be generated
from the key file a CSR is generated
the CSR is signed by a CA (for you it's Comodo) and the result is the certificate file
The key file and the csr can be generate by you (who are requesting the new certificate) or (in this case) by Comodo during the procedure you followed. According to what you wrote, probably, during the procedure you've been asked to provide a key or let them generate one and you picked the 2nd option.
I've never used Comodo so I don't know how their interface works but IMHO you have 2 options: login with your account and look for an area where you can download the certificate and check for the possibility to download the key too OR contact them and ask for support to download the key file.
There is no way to use the certificate file without a key file.
I generated the certificate using an option of my webhosting service (Hostinger) to buy a comodo SSL certificate, as I said the email of Comodo didn't give me the key file BUT, after some hours the comodo ssl service started showing on my webhosting control center and going through some menus I reached a button called "download SSL", that downloaded a ZIP with the same files PLUS the key file. This was very random and nowhere stated, and I found it by coincidence but is solved. Thanks. The other option was to reach Comodo or Hostinger for help.
I got this problem for about a week now, My client ask me to renew the SSL certificate which expired already. I followed a lot of tutorials already but nothing help me.
I have this certificates provided:
Private Key
Intermediate Certificate
CSR
Public Certificate
The server is Amazon and uses Apache/HTTPD
I saved the private key as .key file and the rest is .crt
By the way, I setup the ssl.conf because that is where the Virtual Host is located.
I saved my certificates in, /etc/httpd/conf/ssl.cert/
I saved my keys in, /etc/httpd/conf/ssl.key/
and the location of my ssl.conf: /etc/httpd/conf.d/ssl.conf
My questions are:
What's the usual way on renewing SSL Certificates?
What's all I need to renew it?
Can I do it only on the FTP client or I need to go to my AWS page and set it up there?
I am really desperate to get out of this embarrassment. I hope someone would help me do it. Thanks in advance.
You need to create a CSR (certificate signing request) that contains the server's information. (There are many, many guides on how to do this using openssl.) You then purchase a SSL certificate from your certificate issuer of choice and provide them with the CSR. When your order is complete they will issue you a SSL certificate that you can download and install in Apache. If you go to the issuer of the original certificate they will likely have a renew process that will walk you through all of the steps.
I updated the SSL cert on a customer server. The cert was about to expire.
The customer sent me the new cert in PEM format. I just replaced it on Apache and restarted it. The new expiration date is correct, but I got a little validation error:
Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server.
The cert uses an intermediate cert. Maybe I need to update the intermediate cert too ? Using the old cert, this validation error don't occur.
All seems to be working perfect. Browsers don't show any error.
You need to update the intermediate cert too, if it is different, as it seems to be. You might also want to check that the CA (Certificating Authority) cert has not changed, or if it has, add the new one.
I am trying to prepare for the switch in the SSL certificate vendors.
For the the SSL validation, Our Tomcat web application uses a JKS file created from a DigiCert certificate ( *.cer files). Our company is now switching to VeriSign next week. Since they have already provided the new *.cer files, can I simply add the new cert ( using keytool) to the existing JKS so that it works for both certificates. I am trying to avoid any downtime during the switch and prepare the server beforehand?
Any helps will be much appreciated.
You must install the certificate onto the same keystore you created the CSR from as the private key resides there. Otherwise it will not work. Please reference the article below on instructions on how to import into a tomcat server:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR234&actp=search&viewlocale=en_US&searchid=1369174910074
I'm trying to install a Comodo SSL certificate on a shared server, which has directadmin installed. I have assigned the user an unique ip address, made the CSR request and uploaded the certificate.
In directadmin I get the response that both the certificate and private key are saved. Unfortunately, when I browse to the https://www.domain.com I get a SSL error, saying that the certificate is untrusted, because it is self-signed.
I'm confused why this error occurs. It seems to me that I followed the correct steps to install the Comodo ssl certificate. I also tried deleting the private key and certificate through the command line on the server. But this does not seem to resolve the error.
What direction should I be looking into solving this issue?
Check if you installed the intermediate certificate. You have to list one or more intermediate certificates in the field for your public key.
You can also use the GlobalSign OneClickSSL plugin for DirectAdmin and let the plugin do everything for you automatically.
See: https://www.globalsign.com/ssl/oneclickssl/directadmin/
And: http://www.youtube.com/#/watch?v=tVP9i6Ing1M