All geek questions in one place

OpenShift with Comodo SSL

I am trying to download SSL certificates for my OpenShift alias. I used the instructions here: http://cloudhostingsource.com/setup-ssl-certificate-openshift/

I am stuck, however, in the download part - I already created a CSR, activated the certificate. Every time I try to upload files, it returns me to the same page without notice.

Comodo SSL sent me 4 files:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • myApp.crt

How to download them? There are three download fields for Openshift ... What can I upload to an SSL certificate? Certificate Chain? I have my secret key, and I know the key.

thanks

+5
source share
4 answers

I just want to publish an update for this for users who are faced with this problem in the future ... I'm not sure if it was because I added a public SSH key through the RHC setup, but did nothing (there is no permutation of the chain of folders with the copy , file switching) will work through the file downloader.

In the end, before deciding to call Red Hat and QQ, I used the command line console to add SSL files ...

Here is the command I used:

rhc alias update-cert php www.myapp.com --certificate myApp.crt --private-key myApp.key --passphrase mypass

This link contains additional information: https://access.redhat.com/documentation/en-US/OpenShift_Online/2.0/html/User_Guide/Using_Custom_SSL_Certificates1.html

TL; DR: you don't need to combine any Comodo files, just use your # 4 file, your secret key and your passphrase (if you have one)

+2
source

Right!

First combine the publication with the package:

cat dom_com.crt dom_com.ca-bundle >> dom_com.ALL.bundle

and download both:

 rhc alias update-cert app dom_com \ --certificate dom_com.ALL.bundle \ --private-key dom_com.key

And then you get A at https://www.ssllabs.com/ssltest/

+1
source

You need to combine 1,2 and 3 into one certificate of the chain (in the correct order) and load them into the certificate field of the chain, the key is in the key field, and myApp.crt is sent to the certificate field.

0
source

I had a similar problem, and after some emails with the issuance of the certificate, I helped me combine the certificate of my site with the certificate chain in one file and upload it to the "SSL Certificate" field in OpenShift, I left the "SSL Certificate Chain" field empty, but Of course, I uploaded my public key in the "Private Private Certificate" field.

0
source

Source: https://habr.com/ru/post/1203327/

More articles:


All Articles