Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 13686 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificate Install/Combination

BlueRue

I am trying to install a comodo positive ssl certificate on my UTM, and I have generated the key and csr following this:

http://community.sophos.com/kb/en-US/115976

I then sent the csr to the cert agency and they sent back 4 files:

AddTrustExternalCARoot.crt

COMODOAddTrustCA.crt

COMODORSADomainValidationSecureServerCA.crt

sub.domain.com.crt

Do I need to use all these files? If so in what order do I need to put them when I combine them.

I found this: https://www.sophos.com/en-us/support/knowledgebase/118084.aspx 

but it doesn't say what files to combine/use...

Can anyone offer a little more clarity/guidance?



This thread was automatically locked due to age.
  • 0

    You should import first three certificates (root and two intermediates) into Certificate Management -> Certificate Authority:



    sub.domain.com.crt should be imported into Certificate Management -> Certificates.

  • 0 in reply to vilic

    So those directions were making things more complicated than they needed to be?

    So I have imported everything like above:

    And my sub.domain.com.crt into the Certificate tab,

    However I do not have the option to use that crt for the webadmin and user portal only the self generated one, anything I'm missing?

  • 0

    So I combined all the Comodo certs in this order using the cat command:

    cat sub.domain.com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >combined.crt

    Edit: I have removed the AddTrustExternalCARoot.crt in the combination process I heard it was recommended to leave it out unless you get error so I recombined without it and I am not receiving any errors.. So I am leaving it out you may add it if you choose, if you choose to add it the list looks like this:

    cat sub.domain.com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt  >combined.crt

    Once they where combined I then used the following command to make a .p12 file :

    openssl pkcs12 -export -in combined.crt -inkey privkey.pem -out sub.domain.com.p12

    I imported the .p12 file into the "Certificate" area and I was then able to select the Comodo Cert for the WebAdmin/User Portal.

    Because the combined.crt contains all the authority validation certs you do not have to import them into the certificate authority area.

Unfiltered HTML