03-09-2009 08:58 AM
Hi,
In response to my CSR, I've received files that need installing.
What files are needed. (Is it three CA, pri, pub!!).
How do I identify what file is what?
Thank you in advance.
SS
Solved! Go to Solution.
03-10-2009 10:07 AM
In some plaforms you concatenate the certs in certificate chain.
In ACE you need to import Certs individually. Once all certs are imported then only you can include them in chain group.
So the sequence will be
1.create keypair
2. create CSR & send to CA
3. Import Certs
4. creat chain group
Syed
03-09-2009 09:23 AM
To add to the above, my original CSR indicated the server is Apachi, (not ACE) as that would be a flexible one.
Thanks
SS
03-09-2009 10:19 AM
Add more to the above,
The certificate now comes in two parts (chained certs!!0.
I've been told to merge the two together and configure as one cert.
I need to confirm merged file is usable in ACE? And merging format is as below.
-----BEGIN CERTIFICATE-----
bla bla=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
bla bla=
-----END CERTIFICATE-----
Is any one able to advice please?
SS
03-09-2009 11:59 AM
If you created CSR on ACE then you must have created the keypair first. Creating that Keypair makes Public & Private Key Available to CA.
When you get Server cert back from CA, you just need to import certs. If you have a certificate chain then import all the certs individually in the chain
for example if two certs in chain are Intermediate.pem & xyz.pem then import them individually using
Crypto import terminal Intermediate.pem
Crypto import terminal xyz.pem
then create a chain-group with both certs as member
Crypto chaingroup xyz-chain
Cert Intermediate.pem
Cert xyz.pem
and then call it in the SSL service
ssl-proxy service SSL_SERVICE
key xyz.com-key.pem
cert xyz.pem
chaingroup xyz-chain
and then finally call it in the
class xyz-https
loadbalance vip inservice
loadbalance policy xyz-policy
loadbalance vip icmp-reply active
ssl-proxy server SSL_SERVICE
HTH
Syed
03-10-2009 02:56 AM
Syed,
Very helpfull info.
I have certs
I have server certs
and possibly ican also use a recognised CA name
Should there be an order for configuring what is listed first in the chain group. Asking this because, server team advice me that in one text file they include the certs and then the server certs.
Thank you SS
03-10-2009 10:07 AM
In some plaforms you concatenate the certs in certificate chain.
In ACE you need to import Certs individually. Once all certs are imported then only you can include them in chain group.
So the sequence will be
1.create keypair
2. create CSR & send to CA
3. Import Certs
4. creat chain group
Syed
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: