[BlueOnyx:18594] Re: SSL 5208R

Tue Oct 27 19:55:16 -05 2015

I'd generated the CSR via another machine of mine. I was already there, 
at shell, so I gen'd the CSR. That's why I was having to upload the key 
and cert.

Never thought it would be a problem to create the CSR on another 
machine, but I guess it is.

I re-created the CSR from the GUI, had the cert re-issued, and after 
renaming to .txt, was able to get it to take the cert.

-- 
Don Teague
donteague.com
health.donteague.com - Let me show
you how to earn residual income.
CyberDust ID: donteague

> Michael Stauber <mailto:mstauber at blueonyx.it>
> Tuesday, October 27, 2015 16:09
> Hi Don,
>
>
> I'm pretty puzzled about that, as the procedure is really
> straightforward and hasn't failed me once.
>
> I detail the entire procedure for getting an SSL certificate here - not
> just the uploading:
>
> 1.) Under "Site Management" choose the site in question and then click
> on "SSL". Click the button "Create Signing Request". Optionally tick the
> checkbox for "Generate Self-Signed Certificate" if you want to use a
> self signed cert until you get the real one. Fill in the blanks.
>
> 2.) Accept the download of the signing request and pass it on to your
> SSL CA authority. They will hand you a certificate. Possibly they will
> also hand you one or more intermediates.
>
> 3.) Go to SSL of the Vsite. If you have intermediates, put them in
> separate textfiles named *.txt and import them one by one via the
> "Manage Certificate Authorities".
>
> Once that's done (or if you received no intermediates) make sure your
> certificate is in a single textfile with *.txt extension.
>
> The page behind the "Import" button will process the import request
> provided two things are true:
>
> a.) The uploaded file contains a certificate that works together with
> the key that is already *on* the server for that Vsite. You can find it
> under /home/sites/www.site1.com/certs/key
>
> In that case the *.txt file you upload contains *only* the certificate
> that you received from the CA authority:
>
> -----BEGIN CERTIFICATE-----
> MIIDXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXX=
> -----END CERTIFICATE-----
>
> b.) The uploaded file contains *both* the key and the certificate.
> Either because the CA authority is really cheap (and/or NSA sponsored),
> or because you simply want to re-upload a cert/key combo that you
> previously downloaded via the "Export" button.
>
> If you upload a textfile that contains both key and certificate, then
> the key that is already present on the server for that Vsite will be
> overwritten. So the file that you upload might contain something like
> this if you really want (or need to) upload both key and certificate:
>
> -----BEGIN RSA PRIVATE KEY-----
> MIIEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXX==
> -----END RSA PRIVATE KEY-----
>
> -----BEGIN CERTIFICATE-----
> MIIDXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXX=
> -----END CERTIFICATE-----
>
> That's basically all there is.
>
> Don Teague <mailto:blueonyx at donteague.com>
> Tuesday, October 27, 2015 15:30
> Ordered the certificate from CheapSSLSecurity.com (disclaimer: not an 
> advertisement) just like I have in the past.
>
> In fact I've got certs on a different 5208R server running the 
> certificate just fine.
>
> Go into the Site section of the admin GUI, and navigate to SSL for 
> that site. I've now been able to upload the CA's by renaming to .txt, 
> but I can't get the cert/key to upload.
>
>
>
>
> Chris Gebhardt - VIRTBIZ Internet <mailto:cobaltfacts at virtbiz.com>
> Tuesday, October 27, 2015 14:53
> Hi Don,
>
> No, can't say that I have. But that's kind of why I was asking for the
> steps you're taking so we can duplicate the failure that way.
>
> If I missed that along the way, give me the BlueOnyx:18xxx number and
> I'll go back and read it!
>
> Don Teague <mailto:blueonyx at donteague.com>
> Tuesday, October 27, 2015 14:33
> Ever run into a problem like the one I'm having, Chris?
>
>
>
> Chris Gebhardt - VIRTBIZ Internet <mailto:cobaltfacts at virtbiz.com>
> Tuesday, October 27, 2015 11:27
> Hi Guys,
>
> Wow... we install maybe a dozen or so certs per month on various
> BlueOnyx servers. Not exactly high-volume, but it's fairly regular,
> anyhow. I'm not sure where you're sourcing these from, but we never
> have any issues installing our certs.
>
> Can you walk us through the steps you're taking? Maybe we'd be able to
> duplicate the failure that way.
>

-- 
-- 
Don Teague
donteague.com
health.donteague.com - Let me show
you how to earn residual income.
CyberDust ID: donteague

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20151027/e350ee46/attachment.html>