snoopaloop
asked on
Godaddy Certificate must be converted into X.509 PEM format
Hi, I need a conversion tool for my standard crt certificate from GoDaddy. A simple google query just created more questions than answers. Please assist
either use openssl or https://www.sslshopper.com/ssl-converter.html to convert the certificate
It probably already is.
if you edit the cert file in notepad and it says -----BEGIN CERTIFICATE----- at the top, it's in PEM format already, job done :D
if it isn't, just double click it, Go to the details tab, and select "copy to file" - specify Base-64 encoded when asked for a selection, and it will save it in PEM for you.
if you edit the cert file in notepad and it says -----BEGIN CERTIFICATE----- at the top, it's in PEM format already, job done :D
if it isn't, just double click it, Go to the details tab, and select "copy to file" - specify Base-64 encoded when asked for a selection, and it will save it in PEM for you.
First off, I suggest check the .CRT if it is encoded in binary DER or as ASCII PEM. If it is in the former, then you need to convert to the latter (intended) ASCII PEM form. The steps shared in http://info.ssl.com/article.aspx?id=12149
Eventually the ASCII PEM is as shared by experts on the Base64 formatted content and with the appropriate hdr and footer for those content. Specific to GoDaddy, maybe you can catch this to eventually have each PEM generated manually (after using the Openssl) into a single combined PEM for the domain and bundled certificates http://community.sophos.com/t5/Sophos-gateway-protection/OpenSSL-Guide-to-convert-and-install-certificates-on-an-email/td-p/50454
Eventually the ASCII PEM is as shared by experts on the Base64 formatted content and with the appropriate hdr and footer for those content. Specific to GoDaddy, maybe you can catch this to eventually have each PEM generated manually (after using the Openssl) into a single combined PEM for the domain and bundled certificates http://community.sophos.com/t5/Sophos-gateway-protection/OpenSSL-Guide-to-convert-and-install-certificates-on-an-email/td-p/50454
ASKER
@David Johnson - I'm new to this. I went to the link but it's not clear what options I choose.
Capture.JPG
Capture.JPG
ASKER
@Dave Howe - The certificate contains begin certificate and end...
ASKER
I'm not sure why the Synology Diskstation does not accept the certificate if it is in the correct format.
So it is already in PEM format, try to strip all the text before "-----BEGIN CERTIFICATE-----" in the pem/crt file before importing it.
Regardless, also need to ensure the .key and the PEM crt are referred correctly as they are a pair of private and public keys e.g. ssl.crt (containing the public certificate for your host and of GoDaddy CA) and the private key of your host (inside the ssl.key)
---
About importing certificate:
If you have a certificate issued by the trusted Certificate Authority (CA), please click Import Certificate to upload your own certificate and private key in order to host a valid SSL server. The certificate should match the private key. Please keep your private key safely.
---
Regardless, also need to ensure the .key and the PEM crt are referred correctly as they are a pair of private and public keys e.g. ssl.crt (containing the public certificate for your host and of GoDaddy CA) and the private key of your host (inside the ssl.key)
---
About importing certificate:
If you have a certificate issued by the trusted Certificate Authority (CA), please click Import Certificate to upload your own certificate and private key in order to host a valid SSL server. The certificate should match the private key. Please keep your private key safely.
---
Where was the CSR created? if it wasn't on the final destination, then presumably you also need to obtain the private key (from wherever you generated the CSR) and convert that to PEM too...
ASKER
Sorry, I've been unable to get access to the computer with the certificate. I will try again this week.
ASKER
CSR was generated by the Synology box. No text before "Begin certificate"
GoDaddy1.JPG
Synology1.JPG
GoDaddy1.JPG
Synology1.JPG
ASKER
Attached is the synology interface...
synology2.JPG
synology2.JPG
you also need the godaddy root and intermediate certificates to be installed.
ASKER
That does not look like it was included in the godaddy1.jpg that I downloaded from Godaddy. Nor will the current one showing in that same attachment, process correctly when I upload.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Awesome! THat worked!!!
GoDaddy4.JPG
GoDaddy4.JPG
ASKER
Very complete answer. Thank you!!
ASKER
Hey, why do I still get a prompt from chrome saying this is not a secure site even with the certificate?
there is recent chrome update on SSL cert support SHA will have warning
http://googleonlinesecurity.blogspot.sg/2014/09/gradually-sunsetting-sha-1.html
http://googleonlinesecurity.blogspot.sg/2014/09/gradually-sunsetting-sha-1.html