Author Topic: Adding third party web certificate to MAS  (Read 7881 times)

Offline jherlitz

  • Full Member
  • ***
  • Posts: 106
  • Karma: +0/-0
    • View Profile
Adding third party web certificate to MAS
« on: March 22, 2013, 10:55:05 AM »
I have a 3rd party certificate from GoDaddy.com.  Now, we created this on a server on our network and the certificate we have allows us to have up to 14 alt names.  This has worked great with my servers, OWA, cisco ASA/VPN, etc.

I am trying to add this to my MAS server as it has my UCA domain name and my AWC domain name as alt names.

So in MAS I go to web server certificate, I choose install web certificate and the next screen I choose "SSL Certificate" button and I point to the .crt file.  Then I click on the "ssl private key" button and I point to the .pfx file that I got off of IIS from the server I created the certificate from.  I choose Install web certificate.

I get the following error.

"The web server certificate provided does not match the private key on the system.  Perhaps the wrong certificate was supplied"  This error under "ssl certificate button"

Then

"An invalid private key file was provided on teh certificate installation form" under the "ssl private key" button.

From what I gather on this is that it might still be looking at private keys that are on the MAS server and not importing the new one that I am giving it?  During install they must have done a self signed certificate for the domain name of the uca server but doesn't have my awc domain name.  I want the third party one in so people never see a warning when going to the site.

Sorry I was so long winded but wanted to give the most information I can in hopes that someone might have some advice or directions for me.  Thanks for looking.


Offline johnp

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2202
  • Country: us
  • Karma: +66/-0
    • View Profile
Re: Adding third party web certificate to MAS
« Reply #1 on: March 22, 2013, 01:36:13 PM »
his may help

From my how to file:

Export the private key file from the pfx file

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Export the certificate file from the pfx file

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

Remove the passphrase from the private key

openssl rsa -in key.pem -out server.key

Offline jherlitz

  • Full Member
  • ***
  • Posts: 106
  • Karma: +0/-0
    • View Profile
Re: Adding third party web certificate to MAS
« Reply #2 on: March 22, 2013, 05:14:49 PM »
That was it. I had a heck of a time teaching myself openssl, but figured it out.  Works great.

Thank you!

Offline johnp

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2202
  • Country: us
  • Karma: +66/-0
    • View Profile
Re: Adding third party web certificate to MAS
« Reply #3 on: March 22, 2013, 06:03:40 PM »
The last time I did, this, I think I copied the file to the MAS and did it on there in a new directory.

I also had trouble installing the gdbundle intermediate cert. Did you have the same thing?
« Last Edit: March 22, 2013, 06:16:24 PM by johnp »

Offline jherlitz

  • Full Member
  • ***
  • Posts: 106
  • Karma: +0/-0
    • View Profile
Re: Adding third party web certificate to MAS
« Reply #4 on: March 27, 2013, 03:02:11 PM »
@johnp - I didn't end up using the bundle, as once I had it all busted up, I used the .crt file for ssl certificate and the server.key file under ssl private key part.  Then it worked.  It will not use the bundled file.

Try busting them out.  If you have questions on how to do that with openssl, let me know, I documented how I did it for next time.


 

Sitemap 1 2 3 4 5 6 7 8 9 10