Install Signed Certificate


(Levente Csovari) #1

Hello,

Please help me how to request and install signed certificate.
I can buy signed certificate for my Nethserver. RapidSSL company need CSR file for generate signed certificate. How to generate the CSR file? And how to upload signed certificate for email and web?


First time use NethServer, many questions
(Giacomo Sanchietti) #2

http://www.rackspace.com/knowledge_center/article/generate-a-csr-with-openssl

Just set CrtFile, KeyFile and ChainFile, then fire the certificate-update event:
http://docs.nethserver.org/projects/nethserver-devel/en/latest/certificate_management.html#install-a-custom-certificate


(Filippo Carletti) #3

I think that you need to ask RapidSSL how to create the CSR.
When you have the cert, you can follow the manual:
http://docs.nethserver.org/en/latest/base_system.html#install-a-custom-certificate


(Stefano) #4

interesting :smile:

2 different pages?


(Davide Principi) #5

We are missing an UI to upload the certificate from the server-manager.

I think the admin’s manual section pointed by @filippo_carletti will be replaced with upload instructions when the UI is implemented.


(Levente Csovari) #6

First thank you guy’s for helping!

@giacomo : Thank you for link! I use your link for generate CSR file.

generate server private key : openssl genrsa -out /root/domainame.hu.key 2048
generate CSR file : openssl req -new -sha256 -key /root/domainame.hu.key -out /root/domainame.hu.csr

The CSR file sended to RapidSSL for generate signed certificate. After received by email two files from RapidSSL, include certificate_domainame.hu.txt and linux_cert+ca.pem files.

@filippo_carletti : thank you for link! I use for install signed certificate files.
The certificate_domainame.hu.txt rename to certificate_domainame_hu.crt and paste to /root directory. The linux_cert+ca.pem file rename to cacert.pem and paste to /root directory. And found domainame.hu.key files in /root directory. Generated openssl during generate CSR file in first step. After all files copyed, registering new certificates.

Run the following on SSH console :
db configuration setprop pki CrtFile '/root/certificate_domainame.hu.crt’
db configuration setprop pki KeyFile '/root/domainame.hu.key’
db configuration setprop pki ChainFile ‘/root/cacert.pem’

signal-event certificate-update

After certificate updated the IMAP mail server and SOGo web page open without untrusted certificate warning.
All THX for helping again!