[BlueOnyx:18593] Re: SSL 5208R

[Michael Stauber]

Hi Don,

> I can't get the cert/key to upload.

I'm pretty puzzled about that, as the procedure is really
straightforward and hasn't failed me once.

I detail the entire procedure for getting an SSL certificate here - not
just the uploading:

1.) Under "Site Management" choose the site in question and then click
on "SSL". Click the button "Create Signing Request". Optionally tick the
checkbox for "Generate Self-Signed Certificate" if you want to use a
self signed cert until you get the real one. Fill in the blanks.

2.) Accept the download of the signing request and pass it on to your
SSL CA authority. They will hand you a certificate. Possibly they will
also hand you one or more intermediates.

3.) Go to SSL of the Vsite. If you have intermediates, put them in
separate textfiles named *.txt and import them one by one via the
"Manage Certificate Authorities".

Once that's done (or if you received no intermediates) make sure your
certificate is in a single textfile with *.txt extension.

The page behind the "Import" button will process the import request
provided two things are true:

a.) The uploaded file contains a certificate that works together with
the key that is already *on* the server for that Vsite. You can find it
under /home/sites/www.site1.com/certs/key

In that case the *.txt file you upload contains *only* the certificate
that you received from the CA authority:

-----BEGIN CERTIFICATE-----
MIIDXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXX=
-----END CERTIFICATE-----

b.) The uploaded file contains *both* the key and the certificate.
Either because the CA authority is really cheap (and/or NSA sponsored),
or because you simply want to re-upload a cert/key combo that you
previously downloaded via the "Export" button.

If you upload a textfile that contains both key and certificate, then
the key that is already present on the server for that Vsite will be
overwritten. So the file that you upload might contain something like
this if you really want (or need to) upload both key and certificate:

-----BEGIN RSA PRIVATE KEY-----
MIIEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXX==
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
MIIDXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXX=
-----END CERTIFICATE-----

That's basically all there is.

-- 
With best regards

Michael Stauber