Hi there, we try to upload a SSL certificate for our ALE server. Unfortuantley there is no manual.description how we have to do it.
We have the oppotunity to do it via the Admin WegbUI (see screenshot).. but doesn't know which file extentsion is to be what.
We have received from SSL provider the following files:
During generation we have these files contained via ALE:
Which one to use for where upload?
When you acquire a certificate from a signed authority, make sure you download the appropriate certificate for the NGINXweb server.
Upload .crt file along with the private key which you got while generating CSR.
Make sure .crt have proper chain intact RootCA-Intermeidate CA-Singed certificate. If certificate is singed directly by root CA then we dont have intermediate CA in chain.
Try upload .crt file, if that does not work, check if chain is intact if not extract ca-bundle file which contian all the root and intermediate CA certiifcate details. Copy each file and paste in order in notepad, once done save the file in .crt or .pem format and upload.
If my post address your query give kudos:)
Hi there, the .crt file worked - i uploaded together with privkey.pem.
ALE gui showed - uploaded succesfully.
After a reboot of th emachine I was hoping the 'green' https:// sign showed up - unfortunatley it does not show.
How to check if SSL certificate is proper isntalled? Via GUI there is no option. Maybe via CLI?
You dont need to reboot the server after uploading the certificate to ALE, try one more time without rebooting , it should show lock icon in URL, if it does not, then as I mentioned earlier may be certificate chain is missing, try open the .crt file in notepad ++ and check whether it have complete chain, if not we need to manually set the chain.
You can also try once converting the .crt file to .pem and upload the file.
Okay, tried to upload 2 more times - succesfully. Unfortuantely no luck.
So now I have to find the Chain? How to identify it.. and then how to use it in order to work?
I appreciate your help!
We need a single file to upload as a SSL certificate. So right click on the Server cert and open it in a editor utility like notepad++ and concatenate the contents in the below order.1: Server Certificate2: Intermediate Certificate ( if you have any)3: Root certificate
When you open file in notepad if you see only one certificate like above then we need to extract bundil file and get the intermeidate and CA certificate and past in notepad in above order and save it it .pem format and upload.
Still no luck. I copied the certificate from ale.domain.com.crt and pasted into notepad.
THen opened ca bundle file (3 certificates in there - not knowing which is intermediate and root) and copied first two into new notepad crt file. Uploaded succesfully - no green lock.
Copied last two out the ca-bundle, copied into notepad uploaded succesfully - no green lock.
I have no idea..
Can you share the names of the list of files from the extracted bundle. So when you open .crt file you are seeing only one certificate ? If yes then it means chain is missing.
I don't have files listed in ca-bundel (on a windows machine). If I open with Sublime Text - I see 3 times --begin certificate---- end certificate -----
In the ale.domain.com.crt just one certificate if listed.
Where can I find the intermediate certificate? And root? Otherwise you can subtract form ca-bundle for me?
Are you seeing same server certificate in the bundle? As you mentioned it have three certificate listed.If yes then remaining two certifictes in bundle should be intermediate and root.
If server certificate is listed on top in bundle then copy complete three certificates past in notepad ++ and save it as .pem file and upload.
No, the certificate in ale.domain.com.crt is different then certificate on top of the 3 in the ca-bundle...
May be you have two intermediate CAs and one root CA in bundle. Copy the server certificte first and remaning three next in line in notepad ++ and save it in .pem format and upload.
If that not fix the issue, please open TAC ticket.
Yes we have two intermediate certificates in it..
Are you able to upload now?
It is working now. Thanks for the help!
Good to hear, that finally issue got fixed.
If my post address your query, give kudos:)
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.