3 Replies Latest reply: Feb 21, 2012 11:14 AM by 838745 RSS

    Installing SSL certificate

    838745
      Hello,

      I am trying to install a new signed certificate but having hard time. Any suggestion would be appreciated.


      I created a new SCR by using:

      #Tarantella security certrequest –country “US” –State “California” –orgname “University of California Irvine” –locality “Orange” –Keylength 2048

      Sent SCR to supported authority and got the certificate back. I have copy this certificate in root. So far so good, but problem is that I can’t install it.

      If I use

      #Tarantella security certuse

      After initial warning I copy the content of certificate, hit <ENTER> and then Ctrl+D but I get error claiming that: Not a valid certificate

      If use:

      #Tarantella security certuse < /root/myResearch.p7b

      I get following repeating error:

      Are you sure you want to overwrite it? [no]

      And then in the end of this repeating statement the last sentence says: Not a valid certificate.

      What am I doing wrong?

      Thanks.

      Habib.
        • 1. Re: Installing SSL certificate
          user12629685
          From tarantella security certuse --help

          Certificates must be Base 64-encoded PEM-format, with a header line
          including "BEGIN CERTIFICATE", as used by OpenSSL.

          It looks like you have been given a certificate in a different format, PKCS#7 (p7b). You could request a new certificate from the CA in PEM format or try to convert the one you have. I do not think SGD supports that conversion, but there are tools to convert certificate formats on the web.
          • 2. Re: Installing SSL certificate
            838745
            i am not sure about PEM format. I am trying to find answer from security team. however, in the mean time I got the new certificate in base 64-format with cer extension. I used following command:

            tarantella security certuse --certfile /opt/var/tps/myresearch2012-base64.cer

            It gives warning that 'A key file already exists for this server. Are you sure you want to overwrite it ?' If say yes it returns 'The certificate file doesn't exist'.

            Any other suggestion?

            Thanks.
            • 3. Re: Installing SSL certificate
              838745
              That's what it worked for me.

              tarantella security certuse certfile /opt/tarantella/var/tsp/myresearch-2012-base64.cer keyfile /opt/tarantella/var/tsp/key.pending.pem

              Thanks.

              Habib.