[BlueOnyx:09023] Re: ssl-problems

Richard Morgan richard at morgan-web.co.uk
Sat Nov 12 15:20:55 -05 2011 

Hi Soren

I've drafted a set of instruction, which I must confess I have more my own 
use rather than for publishing.  They mention 123-Reg where I buy the certs, 
but the core product is AlphaSSL so it might help a little.

The bit I had trouble working out what how to make the one uploadable file 
from the three files I got sent.  There is a mention of using Notepad... I 
think that's the bit that might help; hope so anyway.  Basically the cert 
needs to include a portion of the key used to create the signing request... 
that's two RSA blocks in one file.

Regards

Richard

Notes (pretend this is a disclaimer for the likelihood of mistakes):


Steps to Installing the SSL Certificate on BQ/BO/BX


CSR:



Ignore the BQ instructions, but turn off self-signed SSL in admin for site. 
Part of the installation is handled via the shell/console, with the last 
step handled via the GUI.



  a.. Log in via SSH, su to root
  b.. Go to /home/sites/www.example.com/certs
  c.. Delete everything (or copy to a safe location)
  d.. Create a server key for signing using: openssl genrsa -out 
www.example.com.key 2048


Use this key to create a certificate signing request.  This will require 
entry of basic company information which is most irrelevant but will be 
display publically in some instances.



  a.. Run the command: openssl req -new -key www.example.com.key -out 
www.example.com.csr
  b.. Enter info
  c.. Make a copy of these keys on local servers for safety


Next we buy the secure cert - 123-reg.co.uk is probably the lowest cost and 
simplest to install



  a.. Complete the contact details and financial information, plus payment
  b.. Paste in the CSR when required
  c.. Select the authorisation email address, making sure it's one that can 
be used to receive messages - getting a repeat message is a serious pain, so 
this should be tested thoroughly
  d.. Approve email when delivered


When the SSL Certificate is delivered:



  a.. Save it to the local PC as www.example.com.crt
  b.. Open it with notepad


Paste a copy of www.example.com.key at the start of the certificate, making 
sure the --- Begin Key --- and --- End Key --- lines stay correctly 
formatted (same applied to --- Cert ---)



  a.. Log in to BlueOnyx GUI and go to the site settings
  b.. In SSL, go to Manage Certificate Authorities and upload the CA Bundle 
as provided in the email (or download it from their site)
  c.. Import the certificate


Test this thoroughly and use many browsers




----- Original Message ----- 
From: ""Søren S. Straszek"" <dump_mail at straszek.dk>
To: "BlueOnyx General Mailing List" <blueonyx at mail.blueonyx.it>
Sent: Saturday, November 12, 2011 7:22 PM
Subject: [BlueOnyx:09022] ssl-problems


> Hi,
>
> I am trying to import a ssl cert (alphassl) to a site on a blueonyx 
> server, but doing this, gives thsi error:
>
>
> The imported certificate does not contain the private key for this 
> certificate, and the private key currently on the server does not match 
> this certificate. If importing a certificate not created on this server, 
> the RSA private key must be included in the imported certificate file.
>
> I do not understand the message  - any help appreciated
>
> Regards
>
> Søren
>
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list