Results 1 to 8 of 8
  1. #1
    Master Untangler Big D's Avatar
    Join Date
    Nov 2008
    Posts
    716

    Default CSR generation via CLI for GoDaddy

    First attempt at this. Attempting to generate a CSR in 2048 encryption for GoDaddy SSL certificates. UT said they would try to add this feature in a future update. Bug# 6517

    As root I did these commands.

    Code:
    openssl genrsa -des3 -out domainname.key 2048
    Code:
    openssl req -new -key domainname.key -out domainname.csr
    I then connected to the UT box via PuTTy and SSH and pico the domainname.csr file copied the encrypted text out into a godaddy CSR request form and hit submit. GoDaddy accepted this and re-keyed the certificate and spat out a apache certificate I downloaded opened in notepad then pasted the contents into the UT web GUI config > administration > certificates > import > domain certificate and intermediate certificate.

    Lost connection and have not been able to reconnect to web GUI. Restart UT and try again, still no luck.

    Next attempt I will try to import the certificate via CLI instead of using the web GUI. For testing I am using a production UT backup config on a spare UT box I install version 6.2 install packages then apply the restore. I then upgrade to version 7.0 then proceed to generate a CSR and re-key an existing certificate for this site. Download certificate and attempt to apply. It is worth mentioning that within the web GUI there is also a self signed certificate generated, no clue if that may cause problems.

    Any suggestions?

  2. #2
    Untangler
    Join Date
    Dec 2006
    Posts
    23

    Default

    This has been fixed in 7.1. Fresh Installs in the next version will generate 2048 bit certs. If you want to do it manually, you can run this patch. This patch will invalidate your existing cert, so make sure to backup any purchased certificates before running it.

    curl http://www.untangle.com/download/pat....0/update_cert | dash

  3. #3
    Master Untangler Big D's Avatar
    Join Date
    Nov 2008
    Posts
    716

    Default worked

    Ran command and then generated a CSR via web GUI.

    GoDaddy took it with no errors and UT installed the certificate with no issue.

  4. #4
    Untangle Ninja juank's Avatar
    Join Date
    Aug 2007
    Location
    Athens
    Posts
    1,474

    Default

    Awesome ! Finally. I will test this now... i've been waiting for so long !
    --------------------------------
    Juan Machado
    --------------------------------

  5. #5
    Untanglit
    Join Date
    Jan 2009
    Posts
    20

    Default

    Quote Originally Posted by rbscott View Post
    This has been fixed in 7.1. Fresh Installs in the next version will generate 2048 bit certs. If you want to do it manually, you can run this patch. This patch will invalidate your existing cert, so make sure to backup any purchased certificates before running it.

    curl http://www.untangle.com/download/pat....0/update_cert | dash
    Hi,

    I have a Untangle 7.0.1 installed. Still trying to get the Godaddy cert installed. Must you do a CSR and rekey? Have existing cert that I want to use on UT. Tried installing but UT keeps on using the default self signed cert.

    Thanks

  6. #6
    Newbie
    Join Date
    Sep 2009
    Posts
    9

    Default

    I was able to run the update yesterday and generate a CSR. When I submit the request to GoDaddy, they respond with "We have received a Certificate Signing Request for the following domain: untangle". In my Configuration->Administration screen->Public Address I'm using External IP Address. Should I change this to Use Hostname and rekey the cert? I know a certificate can't be issued to an IP it must be issues to an FQDN. Thanks for your help.

  7. #7
    Untangler
    Join Date
    Dec 2006
    Posts
    23

    Default

    Quote Originally Posted by db1047 View Post
    Hi,

    I have a Untangle 7.0.1 installed. Still trying to get the Godaddy cert installed. Must you do a CSR and rekey? Have existing cert that I want to use on UT. Tried installing but UT keeps on using the default self signed cert.

    Thanks
    This was fixed in 7.1, you have to do the rekey in order to make it work in 7.0. 7.1 is available for a download as a beta right now. You can try it out if you like.

  8. #8
    Master Untangler Big D's Avatar
    Join Date
    Nov 2008
    Posts
    716

    Default

    I think the CSR looks for the hostname of the server. Not sure if that configuration setting would affect the CSR generation.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2