Certificate problem


    Certificate problem

    Hey Guys,

    I have problems with SSL for AXIGEN too. I have tried a StartSSL certificate and it said "Invalid path to certificate file or invalid certificate file!". Now I have bought a certificate via psw.net (Comodo / Positive SSL Class 1) and I get the same error. I can't understand this problem.

    IMHO the documentation is not very good. I get 4 files as .CRT files.
    What exactly is the requirement of Axigen? Which is the correct file (extension) for this? Does Axigen need a separate certificate for every listener, or can we use a single file?

    Many thanks from Germany,
    Regards - Axel

    #2
    Hello,

    As you probably know, there is no common standard for how certificates are named and provided by the issuer to the requester, and this is why it is impossible for the documentation to cover all possible scenarios.

    Nevertheless, please find below some simple steps that you could follow in order to install your new certificate:

    A. Create the certificate PEM file - let's call it my_domain.pem

    Axigen uses a .pem file to store both the unencrypted private key and the SSL certificate, which might be provided to you in a .crt file.

    Please note that the private key file should be available, as it was generated and used when you requested the SSL certificate. If you did not save it (or have lost it afterwards), your SSL certificate has become useless, as the private key cannot be regenerated.
    • Private key - let's say you have saved it in my_domain.key and it should contain several text lines like:
    Code:
    -----BEGIN RSA PRIVATE KEY-----
    MIIJKQIBAASSSgEAvlvYrl1VutgpBD4EZztydddcX8zB6b6b0+NLV4jhk6zaQTa
    aRTlgO6hgvLjvzrHgFFecYxtqJa03mVJUmu21dqNa7PRAK8Lt6zb50K7P+lt+rkv
    0PcALacpSIYuiColzk4muiIas8UocEyo9pMhcn4zEHOX9tOSF7qEUPW23p4ymXj8
    ...
    jBumY4c6ToPmCSB+/cRVcHkUvaUIuqmAkAKnKmFhwjnbeJN4RKPiKxUUg5LTgwLU
    dmj40cldomBSpD/oDRpk0w6pjwZ2VxThPfYMIAqKmhCHRLlaUeVZfmscjnOdud0p
    O2iJMn4v8PTFCFGnCIDjpXpQ3+igUfGBmd7CUjW0s/rx1FBhbGdaw3bDrHWadDvd
    -----END RSA PRIVATE KEY-----
    Note: The unencrypted private key can be extracted from an encrypted one by using the following command:
    Code:
    openssl rsa -in my_domain.key.encrypted -out my_domain.key
    If the encrypted key is protected by a pass phrase, enter it when prompted; otherwise the decryption process will (as expected) fail.
    • Certificate - let's say you have saved it in my_domain.crt and it should contain several text lines like:
    Code:
    -----BEGIN CERTIFICATE-----
    MIIF5jCCBM6gAwIBAgIDFG92sXNLl0hoWCVEbY3sHBBBgkqhkiG9w0BAQsFADB4
    VR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBTdp0KFhrW6
    AHoysW9/RJ0Yt6RR6zAfBgNVHSMEGDAWgBTrQjTQmLCrn/Qbawj3zGQu7w4sRTAm
    ...
    PL4Jfc7xOn6S0DOr4spUxyVj8QO2htzJq358Nto1zY1hSQn9/u3AefaHG0S/n9vO
    DzOL1uUVzjjvk9ulZPJo/6JRyHiSnWOa3Hs0MDpQzS4I6t6XM6M7FMfDMTtk4IK8
    lQtuFho0a0hmDjMmujDKwyy9iQu/aRW99N66YBiezjH3
    -----END CERTIFICATE-----
    Now you can prepare your my_domain.pem like:
    Code:
    cat my_domain.key my_domain.crt > ${AXIGEN_WORK_DIR}/my_domain.pem

    B. (Optional) create the CA (Certificate Authority) CERT file - let's call it my_CA.pem
    This file should contain all CA certificates (root and intermediate ones) you have received from the certificate issuer.

    This should be as simple as:
    Code:
    cat CA_root.crt CA_intermediate1.crt CA_intermediate2.crt > ${AXIGEN_WORK_DIR}/my_CA.pem

    C. Axigen Configuration
    Assuming that you have saved the mandatory my_domain.pem and the optional my_CA.pem files in the Axigen working directory (and the files can be read by the user used to run the Axigen process), you can now continue to configure the SSL listener(s) with your new certificate:

    Connect to WebAdmin and go to Service > Listener > SSL
    • Certificate file: my_domain.pem
    • (optional) Certificate authorities file: my_CA.pem
    • Save configuration
    Note: If you would like to use the self-signed certificate generated by Axigen (at installation time), you should use the axigen_cert.pem file, which is also stored in the Axigen working directory.

    After you have finished the certificate configuration, you can test your SSL listener locally like:
    Code:
    openssl s_client -connect <listener_ip>:<listener_port>
    or with any online tools like:

    As a final note, you could use this resource for common OpenSSL commands that are useful when dealing with SSL certificates.

    HTH,
    Ioan

    * Currently supporting only the default HTTPS port (443)
    Last edited by indreias; June 3rd, 2016, 07:11 AM.
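
A pre-flight check for step A of the reply above, added here as an example (it is not from the original thread or from Axigen). It refuses to build the combined file when the key is still encrypted, when either file is not PEM, or when the certificate was not issued for that key. `build_axigen_pem` is a hypothetical helper name; the `openssl` CLI is assumed to be on the PATH and the script is assumed to run as the user of the Axigen process.

```shell
#!/bin/sh
# Added example (not Axigen's own tooling). build_axigen_pem is a hypothetical
# helper; the file names follow the post above.
# Usage: build_axigen_pem my_domain.key my_domain.crt /path/to/my_domain.pem
build_axigen_pem() {
    key=$1 crt=$2 out=$3

    [ -r "$key" ] || { echo "cannot read key file: $key" >&2; return 2; }
    [ -r "$crt" ] || { echo "cannot read certificate file: $crt" >&2; return 2; }

    # Both the traditional ("Proc-Type: 4,ENCRYPTED") and the PKCS#8
    # ("BEGIN ENCRYPTED PRIVATE KEY") encodings carry this marker.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "private key is pass-phrase protected; decrypt it first" >&2
        return 3
    fi

    # Derive the public key from each file; a parse failure means the file
    # is not a PEM key / PEM certificate (for example a DER-encoded .crt).
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "not a usable PEM private key: $key" >&2; return 4; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $crt" >&2; return 5; }

    # The certificate must have been issued for this private key.
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "certificate does not match the private key" >&2; return 6; }

    # The output holds an unencrypted key: create it readable by the owner
    # only (assumption: this runs as the user of the Axigen process). The
    # echo guards against a key file that lacks a trailing newline.
    ( umask 077; { cat "$key"; echo; cat "$crt"; } > "$out" )
}

if [ "$#" -eq 3 ]; then build_axigen_pem "$@"; fi
```

The umask only applies when the output file is newly created; an existing my_domain.pem keeps its current permissions.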
