vineetchoudhary / Apple-iOS-MDM-Server

Apple iOS MDM server

Which files for starting Step #9 #2

Open slthomason opened 6 years ago

slthomason commented 6 years ago

In step #9: "Go to the scripts directory and rename the different part of your domain SSL certificate as following - Rename your Certificate Authority (CA) certificate to cacert.crt, identity.crt and server.crt (Same file with three different names). Your CA certificate content looks like this ..."

What file is the CA cert? Which file from steps 1-8 are we renaming to the same 3 files?

Are we supposed to run this script to create the files first: https://github.com/intrepidusgroup/imdmtools/blob/master/Tools/server/certs/make_certs.sh

slthomason commented 6 years ago

I am not sure where these files came from for step #9:

openssl x509 -req -days 365 -in identity.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out identity.crt

vineetchoudhary commented 6 years ago

Hi,

> What file is the CA cert? Which file from steps 1-8 are we renaming to the same 3 files?

We are not renaming any file from steps 1 to 8. The CA certificate is a part of your domain SSL certificate. Your domain administrator can provide you with these files. Like for github.com - (screenshot)

So, in step 9, you need to rename your existing SSL certificate -

slthomason commented 6 years ago

When I download our CA Cert from GoDaddy ... It comes with 2 files - both .crt. One is a single and one is a bundle. Where and how do I generate the identity.csr and the other 3 .key files?

vineetchoudhary commented 6 years ago

One of them must contain the content of all 3 files. You can open these files in any text editor.

Certificate Authority (CA) content will look like this

-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIJALJxXxDRdGWNMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
MBgGA1UEChMRR29EYWRkeS5jb20sIE.................................
.............................pyoNqhOasNUfoAbPgmXt+zXiy9AZWOds6Dc
PtRTSsEEfATviu+nd7jrjS6AW/g4UKBorujxHYtGoqVfNx6aCqHMS+gmH0JbSnX9
-----END CERTIFICATE-----

Certificate Signing Request (CSR) content will look like this

-----BEGIN CERTIFICATE REQUEST-----
MIIDAzCCAesCAQAwgaIxCzAJBgNVBAYTAkFVMRgwFgYDVQQIDA9Tb3V0aCBBdXN0
cmFsaWExETAPBgNVBAcMC...........................................
...........................mqeUCKtYnoCE/zkUUPErkHq4dWo3f+JGPC4Dt
Onj3dUOtkKJifHw0iknYl+fIMnoYfRsVKQ9d3GVKGqb/A4s4qFzbQWbU1rNq9Sx9
mZgrKORxjA==
-----END CERTIFICATE REQUEST-----

SSL certificate private key content will look like this

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD2Xh1z9I4rWZ9J
t5EyoJtH2ImS7UQo5bABItKkYFjP50towTD4+k2PfgPZCRJ3kDSlOVSLHzfD57qB
kCv/UG29nbbIkFH6aqjhfaj.........................................
.................................j8yc3sduzKMd+KoZGGLzEhB/JEFTrHn
jWwvMQENHRawj/Jocsc0PUA=
-----END PRIVATE KEY-----
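
To see what a downloaded file actually holds without reading it by eye, its PEM labels can be inventoried with a short script. This is an added example, not part of the thread or the project's code; the names `inventory`, `describe` and `_pem` and the sample blocks are constructed for illustration.

```python
import base64
import re

# PEM armor: -----BEGIN <label>-----, base64 body, -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

KINDS = {
    "CERTIFICATE": "certificate",
    "CERTIFICATE REQUEST": "csr",
    "NEW CERTIFICATE REQUEST": "csr",
    "PRIVATE KEY": "private-key",
    "ENCRYPTED PRIVATE KEY": "private-key",
    "RSA PRIVATE KEY": "private-key",
    "EC PRIVATE KEY": "private-key",
}

def inventory(text):
    """Kind of every PEM block in text, in file order."""
    kinds = []
    for label, body in PEM_BLOCK.findall(text):
        kind = KINDS.get(label, "other")
        if "Proc-Type:" not in body:  # legacy encrypted keys hold ciphertext, not DER
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:  # elided or damaged base64
                der = b""
            # Certificates, CSRs and keys are all DER SEQUENCEs (first byte 0x30).
            if der[:1] != b"\x30":
                kind = "malformed"
        kinds.append(kind)
    return kinds

def describe(text):
    """One-line summary of what a file holds."""
    kinds = inventory(text)
    if not kinds:
        return "empty"
    if set(kinds) == {"certificate"}:
        return "certificate" if len(kinds) == 1 else f"certificate bundle ({len(kinds)})"
    return "+".join(sorted(set(kinds)))

def _pem(label, der=b"\x30\x03\x02\x01\x00"):
    """Constructed sample block: dummy DER bytes, not a real certificate or key."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    print(describe(_pem("CERTIFICATE")))
    print(describe(_pem("CERTIFICATE") * 3))
    print(describe(_pem("CERTIFICATE") + _pem("PRIVATE KEY")))
```

Passing the text of each downloaded `.crt` file to `describe` reports whether it is a single certificate, a bundle, or something that also carries a CSR or private key. The elided samples quoted above would report `malformed`, because the rows of dots are not base64.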

slthomason commented 6 years ago

Sorry - just to clarify.

One of the 2 files that I download comes with 1 cert in it. This is the file CA Cert that I duplicate into three copies of files named cacert.crt, identity.crt and server.crt.

Then the other .crt file that has the "bundle" in the filename - that I piece out the identity.csr file from the section above, and then the other section that has the SSL private keys I part out and make those cakey.key, server.key and identity.key?

The directions above weren't super clear.

vineetchoudhary commented 6 years ago

Yes, because different platforms manage SSL certificates differently, that's why I added the content of the different certificate files.

BTW, thanks for clarifying. Someone may find this helpful who is using GoDaddy. Also, you can write the Step 9 for GoDaddy. I'll add that in my article. 😄

slthomason commented 6 years ago

It might be helpful to write up directions for a brand new cert as the rest of your directions have been spot on.

Spencer

On Wed, Sep 5, 2018 at 11:14 PM Vineet Choudhary notifications@github.com wrote:

> Yes, because different platforms manage SSL certificates differently, that's why I added the content of the different certificate files.
>
> BTW, thanks for clarifying. Someone may find this helpful who is using GoDaddy.


vineetchoudhary commented 6 years ago

Yes, that will be helpful if you are a full stack developer. But in most cases, these certificates are managed by a backend developer.

ulian-onua commented 5 years ago

@vineetchoudhary is it possible to use self-signed SSL-certificates for the server? Will it work?

vineetchoudhary commented 5 years ago

Hi @ulian-onua,

Yes, you can use self-signed SSL-Certificates.

ulian-onua commented 5 years ago

@vineetchoudhary thank you