Godaddy SSL Certificate Renewal/Rekey

olliehudgins
New Contributor

How To from Jamf Nation that has pretty much all the info you need to do in Jamf, but since we use Godaddy for our Certificate, there are some extra steps. https://www.jamf.com/jamf-nation/articles/115/enabling-ssl-on-tomcat-with-a-public-certificate

All of these Commands should be done on a Mac in Terminal.

Open the command prompt or Terminal.

Create a folder on your desktop named "Certs" and navigate to the directory using the following commands:

mkdir /path/to/Desktop/Certs
cd /path/to/Desktop/Certs
Generate a Private Key and CSR by executing a command similar to the following:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
When prompted, enter the appropriate information. The certificate authority (CA) administrator should be able to provide the desired values for these fields. Ensure that you use a fully qualified domain name (FQDN), "[Your Jamf on prem URL]". Note: These values will also be used to generate a self-signed certificate in the new private key. Using a self-signed certificate may result in the "Safari/Firefox can't verify the identity of the website <jamf.mycompany.com>" message unless the client machines have been advised to trust this self-signed certificate.

Send the CSR you just created to a valid CA (public or internal). You should receive a .crt, .cer, or .pem file in return. See your CA vendor’s documentation for more information. (I did this step, because I needed to Rekey this certificate as the original private key was lost. )
Under your certificate in Godaddy, there is a section to "Rekey" and you will paste the CSR you created from the first terminal command in there. It should only take a minute for the Pending status to go away and you can initially download your certificate.

  1. Download the Certificate from Godaddy's website for Tomcat. It will come in a Zip Folder.

Put all the files in the folder on your desktop called Certs.

  1. If you receive individual certificates from the certificate authority: Run this command in Terminal on your Mac.

openssl pkcs12 -export -out SSLCertificate.p12 -inkey privateKey.key -in [your random string of characters].crt -certfile gd_bundle-g2-g1.crt

Descriptions of those commands

-out SSLCertificate.p12 = The file that will be spit out at the end of this process (no need to change)

--inkey privateKey.key = The file in your certs folder that was created with the first command in terminal (no need to change)

-in [random string of characters].crt = The random character Server Key that comes in 2 file types (.crt and .pem) This will change each time you download it from Godday after a renewal or a rekey. (This will need to be changed in the command that you run, to whatever the new string of characters is)

-certfile gd_bundle-g2-g1.crt = This is the intermediate certificate that has certain aspects of this bundled up. This will be a file that comes from the go daddy Zip folder.

This will then ask you for an "Export Password"
Which will be the password used to create the private key.

It will then spit out a SSLCertificate.p12 file.

This will be uploaded into Jamf Pro in the Apache Tomcat Settings.

When the “Passcode” section comes up, it will be the same SSL Cert Private Key

Then Reboot Jamf with the command

sudo jamf-server reboot

1 REPLY 1

sslseller
New Contributor

Thank you for the informative blog post on renewing or rekeying SSL certificates with GoDaddy. I found the step-by-step instructions very helpful and easy to follow. It's essential to keep SSL certificates up to date to ensure website security and avoid any potential warnings or errors for website visitors.