04-11-2017 03:30 AM
Hi there, we try to upload a SSL certificate for our ALE server. Unfortuantley there is no manual.description how we have to do it.
We have the oppotunity to do it via the Admin WegbUI (see screenshot).. but doesn't know which file extentsion is to be what.
We have received from SSL provider the following files:
During generation we have these files contained via ALE:
Which one to use for where upload?
Solved! Go to Solution.
04-11-2017 03:57 AM
When you acquire a certificate from a signed authority, make sure you download the appropriate certificate for the NGINXweb server.
Upload .crt file along with the private key which you got while generating CSR.
Make sure .crt have proper chain intact RootCA-Intermeidate CA-Singed certificate. If certificate is singed directly by root CA then we dont have intermediate CA in chain.
Try upload .crt file, if that does not work, check if chain is intact if not extract ca-bundle file which contian all the root and intermediate CA certiifcate details. Copy each file and paste in order in notepad, once done save the file in .crt or .pem format and upload.
If my post address your query give kudos:)
04-13-2017 12:16 AM
Hi there, the .crt file worked - i uploaded together with privkey.pem.
ALE gui showed - uploaded succesfully.
After a reboot of th emachine I was hoping the 'green' https:// sign showed up - unfortunatley it does not show.
How to check if SSL certificate is proper isntalled? Via GUI there is no option. Maybe via CLI?
04-13-2017 01:37 AM
You dont need to reboot the server after uploading the certificate to ALE, try one more time without rebooting , it should show lock icon in URL, if it does not, then as I mentioned earlier may be certificate chain is missing, try open the .crt file in notepad ++ and check whether it have complete chain, if not we need to manually set the chain.
You can also try once converting the .crt file to .pem and upload the file.
04-13-2017 01:45 AM
Okay, tried to upload 2 more times - succesfully. Unfortuantely no luck.
So now I have to find the Chain? How to identify it.. and then how to use it in order to work?
I appreciate your help!
04-13-2017 01:57 AM
We need a single file to upload as a SSL certificate. So right click on the Server cert and open it in a editor utility like notepad++ and concatenate the contents in the below order.
1: Server Certificate
2: Intermediate Certificate ( if you have any)
3: Root certificate
When you open file in notepad if you see only one certificate like above then we need to extract bundil file and get the intermeidate and CA certificate and past in notepad in above order and save it it .pem format and upload.
04-13-2017 02:43 AM
Still no luck. I copied the certificate from ale.domain.com.crt and pasted into notepad.
THen opened ca bundle file (3 certificates in there - not knowing which is intermediate and root) and copied first two into new notepad crt file. Uploaded succesfully - no green lock.
Copied last two out the ca-bundle, copied into notepad uploaded succesfully - no green lock.
I have no idea..
04-13-2017 02:48 AM
Can you share the names of the list of files from the extracted bundle. So when you open .crt file you are seeing only one certificate ? If yes then it means chain is missing.
04-13-2017 02:51 AM
I don't have files listed in ca-bundel (on a windows machine). If I open with Sublime Text - I see 3 times --begin certificate---- end certificate -----
In the ale.domain.com.crt just one certificate if listed.
Where can I find the intermediate certificate? And root? Otherwise you can subtract form ca-bundle for me?
04-13-2017 02:58 AM
Are you seeing same server certificate in the bundle? As you mentioned it have three certificate listed.If yes then remaining two certifictes in bundle should be intermediate and root.
If server certificate is listed on top in bundle then copy complete three certificates past in notepad ++ and save it as .pem file and upload.