NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: CaseyR on February 04, 2020, 12:37:07 PM
-
Hi, Bruce
One of our clients is part of a bulk acquisition arrangement for certificates. He has received the following for his certificate. This will likely be a common issue for our clients, so I would like to be able to provide specific instructions both for the certificate option and pem decoding. All identifying information has been redacted ... .
Much appreciated. Thanks
---------------------------------------------------------------------------------------------------------
You have successfully enrolled for an InCommon SSL certificate.
You now need to complete the following steps:
* Click the following link to download your SSL certificate (generally try to use a version that includes intermediates & root or your certificate may be rejected by some older clients)
Format(s) most suitable for your server software:
as Certificate only, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=....&format=x509IO
as Root/Intermediate(s) only, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=....&format=x509IO
as Intermediate(s)/Root only, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=...&format=x509IOR
Other available formats:
as Certificate (w/ chain), PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=...&format=x509
as PKCS#7, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=...&format=base64
as PKCS#7: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=....&format=bin
* Import your new certificate into your server (Please contact your administrator for help with this).
* Your renew id: ....
Certificate Details:
Common Name : ......edu
Subject Alternative Names :
Number of licenses :
SSL Type : InCommon SSL (SHA-2)
Term : $Term: 2 Year(s) Server : Apache/ModSSL
Requested : 02/04/2020 09:02 GMT
Approved : 02/04/2020 09:02 GMT
Expires : 02/03/2022 23:59 GMT
Order Number : .....
Self-Enrollment Certificate ID :....
Comments : ....
-
Hi Casey,
NetTalk uses the combination CRT / KEY format.
You can convert PEM to these using the OpenSSL.Exe utility.
(just google around for instructions, there's no shortage.)
cheers
Bruce
-
Thanks, Bruce
Fair enough on the pem encoding, but I would just like to confirm the best download option. I think it is Certificate (w/ chain). Normally, I would just try it out but I don't have access to the sever.
-
Some things (particularly mobile devices) will really want everything in the chain.
That said, you can download the chain items separately (as you mention in your first post).
There are specific instructions for NT as to how you need to paste together the server's certificate and any intermediate/root certificates. https://www.capesoft.com/docs/NetTalk11/NetTalkWebSecure.htm#UsingIntermediateCertificates
Cheers,
Jane
-
Thanks, Jane
-
Hi Casey,
Use https://www.ssllabs.com/ssltest to verify you have it correctly.
Nettalk usually requires the certificate plus chain but not root (some domain registry's may require the root).
But ssllabs will tell you exactly, so no guess work.
Regards
Bill
-
Thanks Bill