31. May 2015 at 22:27 #8553
I have an issue setting my c10le (8.508) up to authenticate to the StoreFront 2.6 servers (I have a load balancer but need to finish setting it up for SSL).
If I try to connect to the StoreFront server I get SSL ‘unknown certificate authority’. Fair enough, exported my root certificate from the StoreFront server (internal CA). Added this in to the cacerts folder on the FTP server. Amended the link file & rebooted the terminal & still get the same message.
Imported the intermediate certificate as well, using the same method. Same result.
I have the root & intermediate certs in the cacerts folder & ini file.
Do I also need to put the server certificate in there?
Is there a special way to export and the file extension they need to be?
Thanks, Matt
1. June 2015 at 14:44 #25566
No, you only need Root and all intermediate ones.
Once you have successfully imported them, you should see them listed in the ThinOS Certificate Center with your domain name on top of the hierarchy.
CG
9. June 2015 at 15:52 #25578
Didn’t think I would need the server one, as the storefront server is presenting that one.
Is there a particular format the certs need to be in? Was reading about them needing to be .crt’s.
As the certificates will be on an open ftp share I am sure my security team will have an issue with the domain root & intermediate certificates being on there. Is there a way to encrypt them with a password (not sure if it is possible to export as .pfx)
Matt
10. June 2015 at 7:32 #25581
No. Only machine or personal certificates can be in pfx format.
The domain certs have to be in *.crt format. But this shouldn’t be an issue.
All root certificates from all HTTPS websites can be downloaded.
It would be a security issue if you get your hands on the private keys. But the standard root certificates only contain the public key.
Everyone could have those.
No security concerns here.
CG
10. June 2015 at 19:35 #25588
Got it sorted. Exported the certs in base format. Opened them in Notepad (other text editors are available) & could see start certificate & end certificate. Opened the der encoded ones & it was just random text. I had tried importing the der ones in the ini file first & it did not work. So I put the base ones in the ini file & they imported fine & let me login to the website without any issues.
Matt
11. June 2015 at 20:46 #25595
Just a little update.
Tested again from a c10le & the certs would not import, even though they were in the folder & in the ini file.
Colleague said why don’t you try putting the AddCertificate= onto separate lines in the ini file.
Did that & the certificates started loading in fine.
Bit weird that it is needed for the certificates, but not for any other lines of code.
Issue resolved
12. June 2015 at 13:34 #25600
What was the “non-working” parameter?
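Added example, not part of any post in this thread and not Dell/Wyse code: a Python check for the two points the thread settles, namely that the certificates must be Base64 text rather than binary DER, and that only public certificates (never private keys) belong on the shared FTP folder. The function names and the sample bytes are constructed for illustration; the DER sample is filler with a valid header, not a real certificate.

```python
import base64
import re
import ssl

PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)
PRIVATE_KEY = re.compile(rb"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")


def classify(data: bytes) -> str:
    """Return 'private-key', 'pem', 'der' or 'unknown' for a certificate file."""
    if PRIVATE_KEY.search(data):
        return "private-key"  # must never be copied to the shared folder
    match = PEM_CERT.search(data)
    if match:
        try:
            body = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            return "unknown"
        # The decoded body must start with an ASN.1 SEQUENCE tag (0x30).
        return "pem" if body[:1] == b"\x30" else "unknown"
    # Binary DER looks like "random text" in Notepad; it starts with 0x30.
    if data[:1] == b"\x30" and len(data) > 2:
        return "der"
    return "unknown"


def to_pem(data: bytes) -> str:
    """Return Base64 (PEM) text for a PEM or DER certificate; refuse anything else."""
    kind = classify(data)
    if kind == "pem":
        return data.decode("ascii")
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data)
    raise ValueError(f"not a public certificate file: {kind}")


# Constructed stand-in bytes: DER SEQUENCE header plus filler, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"\x00" * 10
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_KEY = b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, blob in [("DER export", SAMPLE_DER),
                       ("Base64 export", SAMPLE_PEM.encode()),
                       ("key file", SAMPLE_KEY)]:
        print(f"{name}: {classify(blob)}")
```

To check real exports, read each file with `open(path, "rb").read()` and pass the bytes to `classify` before copying the file to the cacerts folder.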