CSR generation via CLI for GoDaddy

[Big D]

First attempt at this. Attempting to generate a CSR in 2048 encryption for GoDaddy SSL certificates. UT said they would try to add this feature in a future update. Bug# 6517

As root I did these commands.

Code:

openssl genrsa -des3 -out domainname.key 2048

Code:

openssl req -new -key domainname.key -out domainname.csr

I then connected to the UT box via PuTTy and SSH and pico the domainname.csr file copied the encrypted text out into a godaddy CSR request form and hit submit. GoDaddy accepted this and re-keyed the certificate and spat out a apache certificate I downloaded opened in notepad then pasted the contents into the UT web GUI config > administration > certificates > import > domain certificate and intermediate certificate.

Lost connection and have not been able to reconnect to web GUI. Restart UT and try again, still no luck.

Next attempt I will try to import the certificate via CLI instead of using the web GUI. For testing I am using a production UT backup config on a spare UT box I install version 6.2 install packages then apply the restore. I then upgrade to version 7.0 then proceed to generate a CSR and re-key an existing certificate for this site. Download certificate and attempt to apply. It is worth mentioning that within the web GUI there is also a self signed certificate generated, no clue if that may cause problems.

Any suggestions?

[rbscott]

This has been fixed in 7.1. Fresh Installs in the next version will generate 2048 bit certs. If you want to do it manually, you can run this patch. This patch will invalidate your existing cert, so make sure to backup any purchased certificates before running it.

curl http://www.untangle.com/download/pat....0/update_cert | dash

[Big D]

Ran command and then generated a CSR via web GUI.

GoDaddy took it with no errors and UT installed the certificate with no issue.

[juank]

Awesome ! Finally. I will test this now... i've been waiting for so long !

[db1047]

This has been fixed in 7.1. Fresh Installs in the next version will generate 2048 bit certs. If you want to do it manually, you can run this patch. This patch will invalidate your existing cert, so make sure to backup any purchased certificates before running it.

curl http://www.untangle.com/download/pat....0/update_cert | dash

Hi,

I have a Untangle 7.0.1 installed. Still trying to get the Godaddy cert installed. Must you do a CSR and rekey? Have existing cert that I want to use on UT. Tried installing but UT keeps on using the default self signed cert.

Thanks

[gmetz]

I was able to run the update yesterday and generate a CSR. When I submit the request to GoDaddy, they respond with "We have received a Certificate Signing Request for the following domain: untangle". In my Configuration->Administration screen->Public Address I'm using External IP Address. Should I change this to Use Hostname and rekey the cert? I know a certificate can't be issued to an IP it must be issues to an FQDN. Thanks for your help.

[rbscott]

Hi,

I have a Untangle 7.0.1 installed. Still trying to get the Godaddy cert installed. Must you do a CSR and rekey? Have existing cert that I want to use on UT. Tried installing but UT keeps on using the default self signed cert.

Thanks

This was fixed in 7.1, you have to do the rekey in order to make it work in 7.0. 7.1 is available for a download as a beta right now. You can try it out if you like.

[Big D]

I think the CSR looks for the hostname of the server. Not sure if that configuration setting would affect the CSR generation.