Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Which files for starting Step #9 #2

Open
slthomason opened this issue Sep 5, 2018 · 11 comments
Open

Which files for starting Step #9 #2

slthomason opened this issue Sep 5, 2018 · 11 comments
Assignees
@vineetchoudhary

Comments

@slthomason
Copy link

In step #9:
"Go to the scripts directory and rename the different part of your domain SSL certificate as following -
Rename your Certificate Authority (CA) certificate to cacert.crt, identity.crt and server.crt (Same file with three different name). Your CA cetificate content looks like this ..."

What file is the CA cert? Which file from steps 1-8 are we renaming to the same 3 files?

Are we supposed to run this script to create the files first: https://github.com/intrepidusgroup/imdmtools/blob/master/Tools/server/certs/make_certs.sh
@slthomason
Copy link
Author

I am not sure where these files came from for step #9:

openssl x509 -req -days 365 -in identity.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out identity.crt

@vineetchoudhary
Copy link
Owner

Hi,

What file is the CA cert? Which file from steps 1-8 are we renaming to the same 3 files?
We are not renaming any file from step 1 to 8. CA certificate is a part of your domain SSL certificate. Your domain administrator can provide you these files. Like for github.com -
screen shot 10

So, In step 9, you need to rename your existing SSL certificate -

  • Rename your Certificate Authority (CA) certificate to cacert.crt, identity.crt and server.crt (Same file with three different names).
  • Rename your server Certificate Signing Request (CSR) file to identity.csr.
  • Rename your server SSL certificate private key to cakey.key, server.key and identity.key (Same file with three different names).

@slthomason
Copy link
Author

When I download our CA Cert from GoDaddy ... It comes with 2 files - both .crt. One is a single and one is a bundle. Where and how do I generate the identity.csr and the other 3 .key files?

@vineetchoudhary
Copy link
Owner

vineetchoudhary commented Sep 6, 2018
edited
Loading

One of them must contain the content of all 3 files. You can open these file in any text editor.

Certificate Authority (CA) content will look like this

-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIJALJxXxDRdGWNMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
MBgGA1UEChMRR29EYWRkeS5jb20sIE.................................
.............................pyoNqhOasNUfoAbPgmXt+zXiy9AZWOds6Dc
PtRTSsEEfATviu+nd7jrjS6AW/g4UKBorujxHYtGoqVfNx6aCqHMS+gmH0JbSnX9
-----END CERTIFICATE-----

Certificate Signing Request (CSR) content will look like this

-----BEGIN CERTIFICATE REQUEST-----
MIIDAzCCAesCAQAwgaIxCzAJBgNVBAYTAkFVMRgwFgYDVQQIDA9Tb3V0aCBBdXN0
cmFsaWExETAPBgNVBAcMC...........................................
...........................mqeUCKtYnoCE/zkUUPErkHq4dWo3f+JGPC4Dt
Onj3dUOtkKJifHw0iknYl+fIMnoYfRsVKQ9d3GVKGqb/A4s4qFzbQWbU1rNq9Sx9
mZgrKORxjA==
-----END CERTIFICATE REQUEST-----

SSL certificate private key content will look like this

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD2Xh1z9I4rWZ9J
t5EyoJtH2ImS7UQo5bABItKkYFjP50towTD4+k2PfgPZCRJ3kDSlOVSLHzfD57qB
kCv/UG29nbbIkFH6aqjhfaj.........................................
.................................j8yc3sduzKMd+KoZGGLzEhB/JEFTrHn
jWwvMQENHRawj/Jocsc0PUA=
-----END PRIVATE KEY-----

@slthomason
Copy link
Author

Sorry - just to clarify.

One of the 2 files that I download comes with 1 cert in it. This is the file CA Cert that I duplicate into three copies of files named cacert.crt, identity.crt and server.crt.

Then the other .crt file that has the "bundle" in the filename - that I piece out the indetity.csr file from the section above, and then the other section that has the SSL private keys I part out and make those cakey.key, server.key and identity.key?

The directions above weren't super clear.

@vineetchoudhary
Copy link
Owner

vineetchoudhary commented Sep 6, 2018
edited
Loading

Yes, because different platform manages SSL certificate differently, that's why I added the content of the different certificate file.

BTW, thanks for clarifying. Someone may find this helpful who is using GoDaddy. Also, you can write the Step 9 for GoDaddy. I'll add that in my article. 😄

@vineetchoudhary vineetchoudhary self-assigned this Sep 6, 2018
@slthomason
Copy link
Author

slthomason commented Sep 6, 2018 via email

@vineetchoudhary
Copy link
Owner

Yes, that will be helpful if you are a full stack developer. But in most of the case, these certificate managed by backend developer.

@ulian-onua
Copy link

@vineetchoudhary is it possible to use self-signed SSL-certificates for the server? Will it work?

@vineetchoudhary
Copy link
Owner

Hi @ulian-onua,

Yes, you can use self-signed SSL-Certificates.

@ulian-onua
Copy link

@vineetchoudhary thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vineetchoudhary vineetchoudhary

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@slthomason @vineetchoudhary @ulian-onua