PDA

View Full Version : Problem working with an SSL certificate authority



holtyboy
01-09-2004, 12:46 PM
Hi Guys,

I've just signed up with Westhost so I'm on the 2.0 system.

I've installed OpenSSL using the control panel, but am a bit stuck getting a "real" certificate into the system.

The certificate authority asked me to send them the server.csr file which I found on my Westhost account in /usr/local/apache/conf/ssl.csr

However I typed "cat system.csr" into my ssh session and copied it over to the web-based sign-up form for the certificate but I got a "not a valid or recognisable certificate" error message.

Any ideas - anybody had any luck installing "real" certificates?

Thanks, adam.

GraphiteFingers
07-23-2009, 03:51 PM
I know this was posted over 5 years ago, but in case this comes up for someone else I have a couple of suggestions:

1. Make sure the domain has the WestHost DNS server strings set up properly and that the DNS info has "propagated" (usually takes an hour or two--even though they say a day or more).
2. Make sure the admin email address is working (not the email address that is included with the info supplied during the OpenSSL installation process, but the email address supplied to the certificate authority. That email address gets validated during the certificate generation process, as does the domain. So they both have to be viable.
3. Make sure when you copy the cat system.csr output that you select exactly what it outputted. No extra spaces or lines and make sure the "-----BEGIN CERTIFICATE REQUEST-----" is included at the beginning and the "-----END CERTIFICATE REQUEST-----" is on the end.
4. Make sure the information supplied during the OpenSSL installation complies with the following:

Country Code: US (Two char country code--uppercase)
State: California (full name, no abbreviations)
City Name: Your City (full name, no abbreviations)
Organization Name: The_name_of_the_organization_generating_this_cert (such as RapidSSL.com)
Organizational Unit Name: Marketing (or something to that effect)
Fully Qualified Domain Name: www.your_domain.com (the URL this certificate is going to be used for)
E-mail Address: your_username@some_email_domain.com

That's all I can think of--hope it helps somebody ;)