- Jamf Nation Community
- Products
- Jamf Pro
- Re: SSL Cert problems with Go Daddy cert
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SSL Cert problems with Go Daddy cert
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-20-2014 01:46 PM
I am brand new to using casper and have minimal experience with installing certificates. We have been trying to get a cert installed but it keeps failing.
I followed this guide https://jamfnation.jamfsoftware.com/article.html?id=115. We are running JSS 9.24 on CentOS 6.4. The tomcat directory is located /usr/local/jss/tomcat. I go through all the steps of that guide and everything looks good from the Apache Tomcat Settings in the UI. I restart tomcat and port 8443 does not start listening. I am a little confused about root and intermediate certificates. Do I need to import them? When I get the cert from godaddy, it comes with 3 .crt files (gd_bundle-g2-g1.crt,gdig2.crt, and a 14randomcharacters.crt), I imported the 14randomcharacters.crt and changed the server.xml to look for the keystore file in /usr/local/jss/tomcat/keystore.jks. I also left all of the .crt files in the tomcat directory.
Any pointers?
Labels:
- Labels:
-
Tips & Tricks
Reply
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-03-2014 10:10 AM
Just a follow up in case anybody else runs into this problem. We had a call with JAMF support and we tried multiples ways of importing the certs from GoDaddy and none of them worked. We believe that there was a problem with the cert being SHA2 and it not importing it right. We ended up using a cert from another company and had it working in ten minutes so it was definitely a problem with the GoDaddy cert.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-07-2014 05:33 PM
I'm using a GoDaddy cert and not running into any problems.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-22-2014 08:57 AM
I was having an issue importing my GoDaddy certs as well. I originally followed the steps in Enabling SSL on Tomcat with a Public Certificate (https://jamfnation.jamfsoftware.com/article.html?id=115) to no avail. So I walked through the steps with GoDaddy and when I got to importing the certs (step 6), I ended up following the steps on GoDaddy's website (http://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-t...)
Before starting the import I downloaded my certs from my account at GoDaddy as well as needing to download the GoDaddy root cert, gdroot-g2.crt from their repository (https://certs.godaddy.com/anonymous/repository.pki). Then I had to import that root cert first with alias root:
/path/to/keytool -import -alias root -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/gdroot-g2.crt
Next, I had to import the intermediate from my certificate downloads (gdig2.crt) with alias intermed:
/path/to/keytool -import -alias intermed -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/gdig2.crt
Finally, I had to import my issued certificate (which is named as the serial number of the cert) with alias tomcat:
/path/to/keytool -import -alias tomcat -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/issuedcert.crt
Then I went back to the jamf article and edited my server.xml file to reference the new keystore and my keystore password and restarted tomcat.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-29-2014 10:04 AM
To add to this, and maybe it is only for the Godaddy certs, when you create a new pre-stage enrollment, you have to add the Goddaddy cert to anchor certificate, otherwise the iPads will not receive the configuration.
