You ever try to buy something, you put so much into it, and you know you should give up. But the time you have invested is worth something right?
A long road, with quite a bit learned, we are now at a wall, I will get to the problem but I know what I have learned would help others.
Application: An FQ site that was an IRM for years, just upgraded following testing. The upgrade was to have SSL capability. A WordPress site with two major plugins: Cart66, a commerce solution, and Catablog for presentation.
Tried to use the shared cert from FQ, works but presents the user with a warning page since the site does not match the .merchantquest.net cert.
On to setting up an SSL. Ordered at GoDaddy, they offer them for $12.99 1 year, up to 5 as we publish this.
Activated it, and selected "request certificate" on GoDaddy, they then request you enter the CSR.
Notes: The GoDaddy instructions indicate you need to cd usr/bin; you do not have to do this at FQ. Make sure you use an "L" in openssl, not a "1".
Back to FQ to get that.
Step 1 install PuTTY and connect to the server. Make sure you type in your user id and password correctly; too many tries and you will be locked out. (Email FQ with your IP address if you do.)
For us we used "onthestep" in place of "<name of your certificate>"
Step 2 in the session window enter the following. The prompt will be [yourdomain@FQ-yourserver;~ ] $ (enter the following). You can make up your certificate name. Do not type in the $; add the text following it.
$ openssl genrsa -des3 -out <name of your certificate>.key 2048
The server will generate a key. If you do not have typos it will tell you that by showing dots and plus signs.
You will then be asked to "Enter pass phrase for xyz.key" You will then be asked to verify it. 4 characters minimum.
Then type
$ openssl req -new -key <name of your certificate>.key -out <name of your certificate>.csr
You will then be asked for your pass phrase again.
Step 3 You will be asked the following questions;
Country Name:
a two letter code
State:
we are in New Hampshire, NH is ok, a space is ok.
Locality Name:
City
Organizational Name:
we used our incorporated name here
Organizational Unit Name:
we used our DBA name here for the product
Common Name:
this is not "your name" it is your website without the http://
Email Address:
your contact address
(extra)
A challenge password:
hit enter for none
An optional company name:
hit enter for none
The server then generates the CSR. Enter the following to see it.
$ openssl req -noout -text -in <name of your certificate>.csr
(I would have expected to find the .csr when looking at the site through FTP; it was not there. My guess is it is in the FQ root, but just guessing.)
Step 4 copy that out of your command window and paste it somewhere. This is the code that is entered into the GoDaddy CSR window.
STOP
Hope the instructions help others, but remember we do not know what we are doing and just learned it with guidance from FQ staff and other resources.
Now we have a problem, the dump looks like this.
Quote:
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=New Hampshire, L=Londonderry, O=ImageAbility Inc., OU=On The Step A-Frame Signs, CN=onthestep.com/emailAddress=youremail@yourdomain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:af:07:f1:1e:b2:79:40:be:b5:a8:48:49:9c:07:
14:1f:1c:e6:e7:41:b3:55:7d:06:13:71:6c:29:1f:
followed by more hex code
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha1WithRSAEncryption
3f:c1:ed:b4:3a:d3:53:b7:9c:db:12:6b:e3:3d:18:bf:75:18:
33:fd:5d:14:da:25:7b:1f:ab:5d:e1:4e:83:53:9f:23:0e:d5:
followed by more hex code ending with that.
Calling GoDaddy (they are earning the $13 bucks!), the CSR should not look like that. It should look like this.
Quote:
-----BEGIN CERTIFICATE REQUEST-----
MIIBzDCCATUCAQAwgYsxHDAaBgNVBAMTE3d3dy50aGlzaXNhdGVzdC5jb20xCzAJ
BgNVBAYTAlpBMRkwFwYDVQQIExBXZXN0ZXJuIFByb3ZpbmNlMRIwEAYDVQQHEwlD
YXBlIFRvd24xEjAQBgNVBAoTCVRlc3QgQ29ycDEbMBkGA1UECxMSVGVzdGluZyBE
and more letters and numbers ending with...
-----END CERTIFICATE REQUEST-----
Give a little, get a little. I hope this helps someone get this far. Can anyone tell me why the .csr does not start with -----BEGIN CERTIFICATE REQUEST----- and end with -----END CERTIFICATE REQUEST----- like GoDaddy said it should for any CSR submission to any SSL service?
We know about the FQ customer that "helps" people; we are trying to do it and learn it on our own. I did use Matt's tool; it does create the certificate in the proper formatting. Just trying to understand why it is not generating correctly on the server.
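
The distinction behind the question above, as an added example that is not part of the original post: `openssl req -noout -text` prints a decoded, human-readable view of the request, while the .csr file written by `openssl req -new` is itself the PEM block a CA form expects. The function names, file names and subject values below are assumptions, and the key is left without a pass phrase (unlike the -des3 step above) so the example runs without prompts.

```shell
#!/bin/sh
# Added example. All names and subject values are constructed placeholders.

# Generate a 2048-bit RSA key and a CSR without the interactive questions.
# -sha256 requests a SHA-256 signature instead of the sha1WithRSAEncryption
# seen in the dump above.
make_csr() {
    name=$1
    cn=$2
    openssl genrsa -out "$name.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$name.key" -out "$name.csr" \
        -subj "/C=US/ST=New Hampshire/L=Example City/O=Example Inc./CN=$cn"
}

# Classify a file before pasting it into a CA's CSR form.
#   pem       - PEM-armored request that OpenSSL can parse and self-verify
#   text-dump - output of "openssl req -noout -text" (not accepted by a CA)
#   invalid   - has the PEM header but does not parse
#   unknown   - anything else
csr_kind() {
    if head -n 1 "$1" | grep -q '^-----BEGIN .*CERTIFICATE REQUEST-----'; then
        if openssl req -in "$1" -noout -verify >/dev/null 2>&1; then
            echo pem
        else
            echo invalid
        fi
    elif grep -q '^Certificate Request:' "$1"; then
        echo text-dump
    else
        echo unknown
    fi
}

# Walk through both views of the same request in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    make_csr "$dir/demo" example.test || return 1
    # The decoded view: useful for checking the subject, not for submission.
    openssl req -noout -text -in "$dir/demo.csr" > "$dir/dump.txt"
    echo "demo.csr is: $(csr_kind "$dir/demo.csr")"
    echo "dump.txt is: $(csr_kind "$dir/dump.txt")"
    # The text to submit is simply the file's contents.
    cat "$dir/demo.csr"
    rm -rf "$dir"
}
```

Calling `demo` prints both classifications followed by the PEM block; on a real server, `cat <name of your certificate>.csr` shows the same block for the request generated in Step 2.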