Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Wildcard certificate question

Hello,


I am new to this and my company has ordered a wildcard certificate (from godaddy.com) for our domain and subdomain name. Now I want to use it for my CP server but I am a bit lost on how to do it.

I have my domain name cert and an intermediate cert, the private key saved in a txt file, and the password. So what do I need to do?

On CPPM, I can see that I can import a Server Certificate, and it asks me for a Certificate File, Private Key File and Password. Can anyone give some tips? Thanks.

Regards

Dimitri

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Wildcard certificate question

What are you going to use the cert for?

SSL
.1x

Windows has an issue with trusting wildcard certs for 802.1x.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Wildcard certificate question

The cert is for SSL.

 

Thanks

 

Dimitri

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Wildcard certificate question

1. Make sure you import the Root and any Intermediate certs into the trust list

2. Combine the Wildcard cert with the Root and Intermediate if you can

    a. Some devices do not trust GoDaddy intermediate certs, so it helps to combine the full trust chain.

    b. DigiCert has an easy-to-understand how-to: http://www.digicert.com/ssl-support/pem-ssl-creation.htm

3. Then you just import the newly created .pem file to CPPM


Creating a .pem with the Entire SSL Certificate Trust Chain

  1. Log in to download your Intermediate (DigiCertCA.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt) from within your DigiCert Customer Account.
  2. Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:
    1. The Primary Certificate - your_domain_name.crt
    2. The Intermediate Certificate - DigiCertCA.crt
    3. The Root Certificate - TrustedRoot.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:

-----BEGIN CERTIFICATE----- 
(Your Primary SSL certificate: your_domain_name.crt) 
-----END CERTIFICATE----- 

-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate: DigiCertCA.crt) 
-----END CERTIFICATE----- 

-----BEGIN CERTIFICATE----- 
(Your Root certificate: TrustedRoot.crt) 
-----END CERTIFICATE-----

Save the combined file as your_domain_name.pem. Your .pem file is now ready for use.

Creating a .pem with the Server and Intermediate Certificates

  1. Log in to download your Intermediate (DigiCertCA.crt) and Primary Certificates (your_domain_name.crt) from within your DigiCert Customer Account.
  2. With a text editor (such as wordpad), copy and paste the entire body of each certificate into one text file in the following order:
    1. The Primary Certificate - your_domain_name.crt
    2. The Intermediate Certificate - DigiCertCA.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:

-----BEGIN CERTIFICATE----- 
(Your Primary SSL certificate: your_domain_name.crt) 
-----END CERTIFICATE----- 

-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate: DigiCertCA.crt) 
-----END CERTIFICATE-----

Save the combined file as your_domain_name.pem. Your .pem file should be ready for use.

 

Ref- http://www.digicert.com/ssl-support/pem-ssl-creation.htm

Thank You,
Troy

MVP
Posts: 725
Registered: ‎03-25-2009

Re: Wildcard certificate question

[ Edited ]

 

EDIT: meh, that'll teach me to do tons of stuff at the same time. Just see above for tarnold's explanation :)

 

Just import the certificate: /tips > Administration > Certificates - Server Certificate.

 

Make sure your Certificate includes the server certificate itself and all of the chain upwards to the CA.

For this, just edit the server cert in a txt editor and then copy/paste all intermediate and other CAs under your server cert. It should look something like the cert chain for *.google.be below:

 

 


 

Then include your private key file and the password and you should be golden.

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Wildcard certificate question

OK, the thing is that I have a mydomain.crt file and a list of Go Daddy Certificate Chain .crt files. So I can't copy-paste the entire body of the cert into a txt editor.

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Wildcard certificate question

Just right-click on the file and open it with WordPad, or change the .cer to .txt.

Thank You,
Troy

MVP
Posts: 725
Registered: ‎03-25-2009

Re: Wildcard certificate question

[ Edited ]

edit: grrr, late again

 

boxcar: don't see why you can't copy-paste the stuff? All the certificates in your chain (other than your private key) should be public and provided by your certificate authority.

Can you clarify further why you can't just open every certificate in a txt editor and combine them in a new certificate chain? You can open the .crt files in a txt editor, or open them and select the Copy to File button from the Details tab.

 

Koen (ACMX #351 | ACDX #547 | ACCP)

Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Wildcard certificate question

[ Edited ]

I am so dumb, I hadn't tried right-clicking and choosing another program to open it.

Another quick question: do I need to add the certificate on my IAPs?

Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Wildcard certificate question

So I have created mycertificate.pem and copy-pasted my RSA private key (the one I got when I did my CSR) into a .key file, but I have this error: Private Key File does not match the Certificate

Any idea?
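
Added example, not part of the thread and not ClearPass or DigiCert code: two OpenSSL command-line checks for a combined .pem built as described above, one that the private key belongs to the first certificate in the file and one that the certificates are ordered server, intermediate, root. The function names, file names and the throwaway CA are constructed for the demo, and the keys are assumed to be unencrypted (an encrypted key makes `openssl pkey` prompt for its passphrase).

```sh
#!/bin/sh
# Added example; every file name and subject below is constructed for the demo.

# Succeeds when the private key belongs to the FIRST certificate in the file.
# openssl x509 reads only the first PEM block, i.e. the one that must be the
# server certificate when the bundle is ordered as described above.
key_matches_cert() {                       # $1 = cert or bundle, $2 = key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when each certificate's issuer name equals the subject name of the
# certificate after it (server, then intermediate, then root). This checks
# name chaining only; it does not verify signatures.
chain_in_order() {                         # $1 = bundle
    tmp=$(mktemp -d) || return 2
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/" n ".pem")}' "$1"
    i=1; rc=0
    [ -f "$tmp/1.pem" ] || rc=2            # no certificate found at all
    while [ -f "$tmp/$((i + 1)).pem" ]; do
        iss=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash)
        sub=$(openssl x509 -in "$tmp/$((i + 1)).pem" -noout -subject_hash)
        [ "$iss" = "$sub" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample data: a throwaway CA and a wildcard certificate it signs.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Demo CA" \
    -keyout "$demo/ca.key" -out "$demo/ca.crt" 2>/dev/null
openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
    -keyout "$demo/leaf.key" -out "$demo/leaf.csr" 2>/dev/null
openssl x509 -req -in "$demo/leaf.csr" -CA "$demo/ca.crt" -CAkey "$demo/ca.key" \
    -CAcreateserial -days 2 -out "$demo/leaf.crt" 2>/dev/null
cat "$demo/leaf.crt" "$demo/ca.crt" > "$demo/good.pem"      # server cert first
cat "$demo/ca.crt" "$demo/leaf.crt" > "$demo/swapped.pem"   # wrong order

for b in good.pem swapped.pem; do
    key_matches_cert "$demo/$b" "$demo/leaf.key" && k="key matches" || k="key MISMATCH"
    chain_in_order "$demo/$b" && o="chain ordered" || o="chain MISORDERED"
    echo "$b: $k, $o"
done
```

Against real files, call `key_matches_cert your_domain_name.pem your.key` and `chain_in_order your_domain_name.pem` before uploading.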
