NewPush » Certificates http://newpush.com Server Hosting, Data Warehouse Hosting, Collaboration Fri, 20 Apr 2012 10:25:44 +0000 en hourly 1 Creating an easy to deploy SSL certificate in PEM formathttp://newpush.com/2011/11/creating-an-easy-to-deploy-ssl-certificate-in-pem-format/ http://newpush.com/2011/11/creating-an-easy-to-deploy-ssl-certificate-in-pem-format/#comments Mon, 07 Nov 2011 17:03:02 +0000 Balazs http://newpush.com/?p=1379 Continue reading ]]> When ordering a secure certificate, most often one has to deal with the following files:

  • certificate key file (aka private key): .key
  • certificate request file: .csr
  • primary certificate file (issued by the CA): .crt
  • certificate chain (aka intermediate certificate, or sf bundle): sf_bundle.crt

As a result, when deploying to a web server, it is necessary to configure 3 files: the key, the cert, and the trust chain. However, a little known fact is that these can be combined in a “pem” file that holds all three. One may even include the trusted root certificate optionally. Here is how:

  • download your certificates (your_domain_name.crt) from your NewPush Customer Portal.
  • paste the entire body of each certificate one by one into one text file in the following order:
    • domain.key
    • domain.crt
    • sf_bundle.crt

    Make sure to include the beginning and end tags on each certificate. The result should look like this:

    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----

The number of

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

sections will depend of the length of the certificate trust chain.

]]> http://newpush.com/2011/11/creating-an-easy-to-deploy-ssl-certificate-in-pem-format/feed/ 0 How to add a secure cert to IIS on Windowshttp://newpush.com/2009/05/how-to-add-a-secure-cert-to-iis-on-windows/ http://newpush.com/2009/05/how-to-add-a-secure-cert-to-iis-on-windows/#comments Sun, 31 May 2009 15:30:36 +0000 Balazs http://www.wdream.com/?p=293 Continue reading ]]> To add an SSL cert to IIS 5 on Windows, you need two separate steps:

  1. Create a p12 (pkcs12) cert file:
    2. cat server.key server.crt > server.pem
openssl pkcs12 -export -in server.pem -out server.p12 -name "server"
  2. Import the p12 file into IIS:
    3. Start->Run->mmc
Ctrl+M
Add...
Certificates
Computer Account
Finish
Close
OK
Open "Certificates (Local Computer)" tree
Right click Certificates
All Tasks->Import...
Browse to .p12 cert
Next
Next
Next
Finish
  3. Select cert for site
    4. Open IIS Admin
Select properties of website
Select Directory Security Tab
Server Certificate...
Next
Assign existing cert
Next
Select Cert
Next
Next
Finish
Web Site tab
SSL Port 443
Apply
OK

]]> http://newpush.com/2009/05/how-to-add-a-secure-cert-to-iis-on-windows/feed/ 0 How to remove a passphrase from an SSL cert keyhttp://newpush.com/2009/05/how-to-remove-a-passphrase-from-an-ssl-cert-key/ http://newpush.com/2009/05/how-to-remove-a-passphrase-from-an-ssl-cert-key/#comments Sun, 31 May 2009 14:10:01 +0000 Balazs http://www.wdream.com/?p=232 Continue reading ]]> Here are the steps to remove a pass phrase from a cert key. This solution was originally discovered on the modssl website:

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Make sure the key is readable by root only,

chmod 400 server.key

]]> http://newpush.com/2009/05/how-to-remove-a-passphrase-from-an-ssl-cert-key/feed/ 0