Skip to main content
Question

SSL Cert problems with Go Daddy cert

  • March 20, 2014
  • 4 replies
  • 23 views
J
Forum|alt.badge.img+2

I am brand new to using casper and have minimal experience with installing certificates. We have been trying to get a cert installed but it keeps failing.

I followed this guide https://jamfnation.jamfsoftware.com/article.html?id=115. We are running JSS 9.24 on CentOS 6.4. The tomcat directory is located /usr/local/jss/tomcat. I go through all the steps of that guide and everything looks good from the Apache Tomcat Settings in the UI. I restart tomcat and port 8443 does not start listening. I am a little confused about root and intermediate certificates. Do I need to import them? When I get the cert from godaddy, it comes with 3 .crt files (gd_bundle-g2-g1.crt,gdig2.crt, and a 14randomcharacters.crt), I imported the 14randomcharacters.crt and changed the server.xml to look for the keystore file in /usr/local/jss/tomcat/keystore.jks. I also left all of the .crt files in the tomcat directory.

Any pointers?

    S

    4 replies

    J
    Forum|alt.badge.img+2
    • justinlarson
    • Author
    • New Contributor
    • April 3, 2014

    Just a follow up in case anybody else runs into this problem. We had a call with JAMF support and we tried multiples ways of importing the certs from GoDaddy and none of them worked. We believe that there was a problem with the cert being SHA2 and it not importing it right. We ended up using a cert from another company and had it working in ten minutes so it was definitely a problem with the GoDaddy cert.

    M
    Forum|alt.badge.img+7
    • matt_jamison
    • Contributor
    • April 8, 2014

    I'm using a GoDaddy cert and not running into any problems.

    B
    Forum|alt.badge.img+1
    • Boyle
    • New Contributor
    • April 22, 2014

    I was having an issue importing my GoDaddy certs as well. I originally followed the steps in Enabling SSL on Tomcat with a Public Certificate (https://jamfnation.jamfsoftware.com/article.html?id=115) to no avail. So I walked through the steps with GoDaddy and when I got to importing the certs (step 6), I ended up following the steps on GoDaddy's website (http://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-tomcat-4x5x6x7x)

    Before starting the import I downloaded my certs from my account at GoDaddy as well as needing to download the GoDaddy root cert, gdroot-g2.crt from their repository (https://certs.godaddy.com/anonymous/repository.pki). Then I had to import that root cert first with alias root:

    /path/to/keytool -import -alias root -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/gdroot-g2.crt

    Next, I had to import the intermediate from my certificate downloads (gdig2.crt) with alias intermed:

    /path/to/keytool -import -alias intermed -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/gdig2.crt

    Finally, I had to import my issued certificate (which is named as the serial number of the cert) with alias tomcat:

    /path/to/keytool -import -alias tomcat -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/issuedcert.crt

    Then I went back to the jamf article and edited my server.xml file to reference the new keystore and my keystore password and restarted tomcat.

    B
    Forum|alt.badge.img+1
    • Boyle
    • New Contributor
    • May 29, 2014

    To add to this, and maybe it is only for the Godaddy certs, when you create a new pre-stage enrollment, you have to add the Goddaddy cert to anchor certificate, otherwise the iPads will not receive the configuration.

    Terms & ConditionsCookie settingsAccessibility statement