Friday 16 November 2007

Creating Certificate Requests for the Citrix Access Gateway

Sometimes when you get a new cert and try to upload it to the Access Gateway, the upload fails. This is because the cert is not in the correct format, or may be corrupt. Here's how to generate the cert and key file from start to finish if it is in the wrong format.

Section 1
To install Cygwin:
1 Use a web browser to navigate to www.cygwin.com and click Install Cygwin Now.
2 Follow the on-screen instructions to open the setup installer.
3 In the Cygwin Setup dialog box, click Next.
4 Click Install from Internet and then click Next.
5 Accept the default root installation directory settings and then click Next.
6 Accept the default local package directory setting and then click Next.
7 In the Internet Connection screen, click Use IE5 Settings and then click Next.
8 In the list of Available Download Sites, click ftp://ftp.nas.nasa.gov and then click Next.
9 In the Select Packages screen, click the View button (upper-right corner).
10 Scroll the packages list to locate in the Package column openssl: The OpenSSL runtime environment and openssl-devel: The OpenSSL development environment.
11 In the New column for those two entries, click Skip.
The current version number of Cygwin appears.
12 Click Next to start the installation.
After Cygwin installs, you can generate the CSR.

To generate a CSR using the Cygwin UNIX environment:
1 Double-click the Cygwin icon on the desktop.
A command window opens with a UNIX bash environment.
2 To change to a particular drive, use the command: cd driveLetter:
3 At the $ prompt, type the following to generate a CSR:

openssl req -new -nodes -keyout privateKeyFilename -out certRequestFilename

For example:

openssl req -new -nodes -keyout private.key -out public.csr

Status messages about the private key generation appear. You will be prompted for information such as country name.
4 When prompted for the Common name, enter the DNS name of the AG.
The name that you enter will appear in the certificate and must match the name expected by PCs that connect to the AG. Thus, if you alias DNS names, you will need to use the alias name instead.
5 Submit your CSR (public.csr) to an authorized certificate provider such as Verisign. When asked for the type of server that the certificate will be used with, indicate Apache.
The certificate provider will return a Signed Certificate to you by e-mail within several days.

If the cert doesn't upload to the CAG at this stage, you need to create a .pem file.
Section 2

1. Create a new file (.pem) with Notepad. Copy the contents of the private key and the signed certificate into the .pem file. Remove the squares in the private key file and press Enter at those positions on your keyboard (the squares are carriage returns). Your .pem file should look something like this:

-----BEGIN RSA PRIVATE KEY-----
KJHGDFIUUGQWFE7FJI3HF897FFHWFEJKAHFAKJFHQIUWYEFUIWEYF898937W2L3JFL33F3ETC ETC
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
KJHGDFIUUGQWFE7FJI3HF897FFHWFEJKAHFAKJFHQIUWYEFUIWEYF898937W2L3JFL33F3ETC ETC
-----END CERTIFICATE-----

4. Upload this file using the option "Upload private key and cert (pem)".


That should work, and if it doesn't then your cert is probably faulty; follow the instructions in Section 1 to create the certificate request again.
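As an added example, not from the original post, here is the whole procedure as a small POSIX shell script for the Cygwin bash prompt: it generates the key and CSR non-interactively with the gateway's DNS name as the Common Name, and once the signed certificate is back it assembles the .pem with the carriage returns stripped and checks that the certificate actually belongs to the private key before you upload it. The hostname, the file names and the key/certificate mismatch check are my own additions; the script assumes the openssl binary is on the path.

```shell
#!/bin/sh
# Added example (not from the original post): key + CSR for the gateway, then the
# .pem the gateway expects, with the checks worth running before uploading.
# Assumes the openssl binary is on the PATH; hostnames and file names are placeholders.
set -e

# Generate a 2048-bit RSA key (unencrypted, as -nodes in the post) and a CSR whose
# Common Name is the gateway's DNS name, without the interactive prompts.
make_csr() {
    host="$1"; key="$2"; csr="$3"
    openssl req -new -nodes -newkey rsa:2048 -keyout "$key" -out "$csr" \
        -subj "/C=GB/O=Example Ltd/CN=$host" 2>/dev/null
}

# Succeeds only if the CSR's subject carries the expected CN (dots match loosely).
csr_cn_matches() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 | grep -Eq "CN=$2"'(,|$)'
}

# Assemble the upload file: private key first, then the signed certificate, with the
# CR characters Notepad shows as squares removed so each PEM line ends in a bare LF.
build_pem() {
    cat "$1" "$2" | tr -d '\r' > "$3"
}

# Pre-upload checks: both blocks parse, and the certificate's public key is the one
# that belongs to the private key (a cert for some other key is the usual "faulty cert").
check_pem() {
    openssl pkey -in "$1" -noout >/dev/null 2>&1 || return 1
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null)" ]
}

# Usage: sh agcert.sh csr <hostname>                  -> private.key and public.csr
#        sh agcert.sh pem <private.key> <signed.crt>  -> gateway.pem, checked
main() {
    case "$1" in
        csr) make_csr "$2" private.key public.csr
             csr_cn_matches public.csr "$2" && echo "public.csr written for CN=$2" ;;
        pem) build_pem "$2" "$3" gateway.pem
             check_pem gateway.pem && echo "gateway.pem is ready to upload" ;;
        *)   echo "usage: $0 csr <hostname> | pem <key> <cert>" >&2; return 2 ;;
    esac
}
if [ "$#" -gt 0 ]; then main "$@"; fi
```

A cert that fails check_pem was issued against a different key (or is damaged), which is exactly the case where the post says to go back to Section 1 and make a fresh request.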
