On Wed, Nov 26, 2014 at 7:21 PM, Christopher Schultz < ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > To whom it may concern, > > On 11/26/14 12:00 PM, Kernel freak wrote: > > On Wed, Nov 26, 2014 at 5:33 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > To whom it may concern, > > > > On 11/26/14 9:03 AM, Kernel freak wrote: > >>>> After arguing with the admins for all this time, I finally > >>>> have the few files ready. I have the following files : > >>>> > >>>> keystore.p12 > > > > That should contain your key. Can you confirm that with a 'keytool > > -list'? > > > >>>> server.crt > > > > Is this the certificate that was signed by the CA? > > > >> Yes, this is certificated signed by CA, but its a > >> servercertificate, the domain certificate is below. > This server.crt is provided by the hosting guys. I told them I will need a certificate for the server on which my domain is hosted, and i got this file. > > I have no idea what a "domain certificate" is. A cert is a cert, and > it's signed by another cert all the way up to a root cert, known as a > CA who has widespread trust. > > Hi, Domaincertificate is the one which I want to deploy. It is the one provided by CA authority. > >>>> ssl-cert-snakeoil.key > > > > Uh, oh. That looks like one of OpenSSL's built-in CAs that are > > used for documentation and instructional purposes. I hope this > > isn't being used for anything at all. > > > >>>> domainname.com.ca-bundle > > > > This should be the bundle of certificates for your domain, which > > may include intermediate certificates. Are you using your own > > internal CA or something? > > > >>>> domainname.com.crt > > > > Which certificate is this? > > > >> This is the SSL certificate which has to be deployed. > > > > > >>>> domainname.com.csr > > > > Is this the CSR that you generated yourself? > > > >> No, this is also provided by hosting guys > > So, did your "hosting guys" generate everything for you, then? It's > customary to create your own key and CSR and then merely have the CA > sign the CSR which results in your certificate. You import your > certificate and, if necessary, any intermediate certificates your > clients will require to form a trust chain from your server's cert up > to the root that the client trusts. > > Hosting guys only generated the server.crt, and domainname.crt was provided by trusted authority. Can you tell me why the commands you provided/same on apache user guide are not working, showing me the error that unable to load certificates? > Thank you for your patience. >