SSL Cert problems with Go Daddy cert

justinlarson
New Contributor

I am brand new to using Casper and have minimal experience with installing certificates. We have been trying to get a cert installed but it keeps failing.

I followed this guide: https://jamfnation.jamfsoftware.com/article.html?id=115. We are running JSS 9.24 on CentOS 6.4. The Tomcat directory is located at /usr/local/jss/tomcat. I go through all the steps of that guide and everything looks good from the Apache Tomcat Settings in the UI. I restart Tomcat and port 8443 does not start listening. I am a little confused about root and intermediate certificates. Do I need to import them? When I get the cert from GoDaddy, it comes with 3 .crt files (gd_bundle-g2-g1.crt, gdig2.crt, and a 14randomcharacters.crt). I imported the 14randomcharacters.crt and changed the server.xml to look for the keystore file in /usr/local/jss/tomcat/keystore.jks. I also left all of the .crt files in the tomcat directory.

Any pointers?

4 REPLIES

justinlarson
New Contributor

Just a follow-up in case anybody else runs into this problem. We had a call with JAMF support and we tried multiple ways of importing the certs from GoDaddy, and none of them worked. We believe that there was a problem with the cert being SHA2 and it not importing it right. We ended up using a cert from another company and had it working in ten minutes, so it was definitely a problem with the GoDaddy cert.

matt_jamison
Contributor

I'm using a GoDaddy cert and not running into any problems.

Boyle
New Contributor II

I was having an issue importing my GoDaddy certs as well. I originally followed the steps in Enabling SSL on Tomcat with a Public Certificate (https://jamfnation.jamfsoftware.com/article.html?id=115) to no avail. So I walked through the steps with GoDaddy and when I got to importing the certs (step 6), I ended up following the steps on GoDaddy's website (http://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-t...)

Before starting the import, I downloaded my certs from my account at GoDaddy, and I also needed to download the GoDaddy root cert, gdroot-g2.crt, from their repository (https://certs.godaddy.com/anonymous/repository.pki). Then I had to import that root cert first with alias root:

/path/to/keytool -import -alias root -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/gdroot-g2.crt

Next, I had to import the intermediate from my certificate downloads (gdig2.crt) with alias intermed:

/path/to/keytool -import -alias intermed -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/gdig2.crt

Finally, I had to import my issued certificate (which is named as the serial number of the cert) with alias tomcat:

/path/to/keytool -import -alias tomcat -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/issuedcert.crt

Then I went back to the JAMF article and edited my server.xml file to reference the new keystore and my keystore password, and restarted Tomcat.
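
A check to run after the three imports described in the post above, added here as an example and not part of the original thread or JAMF's guide: it parses `keytool -list -v` output and confirms that the `tomcat` alias is a PrivateKeyEntry whose chain includes the intermediate and root. It assumes the key pair was generated under the alias `tomcat`; the function names and the trimmed sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `keytool -list -v` output on stdin and checks that the
# alias Tomcat serves from holds the private key plus the full CA chain.
# Assumption: the key pair was generated under the alias passed in ("tomcat").
check_keystore() {
    want=$1
    min_chain=${2:-3}   # issued cert + intermediate + root
    awk -v want="$want" -v min="$min_chain" '
        /^Alias name: /               { cur = substr($0, 13); next }
        cur != want                   { next }
        /^Entry type: /               { type = substr($0, 13) }
        /^Certificate chain length: / { chain = $4 + 0 }
        END {
            if (type == "") { print "FAIL: alias " want " not found"; exit 2 }
            if (type != "PrivateKeyEntry") {
                print "FAIL: " want " is " type ", so it has no private key"; exit 3 }
            if (chain < min) {
                print "FAIL: chain length " chain ", expected at least " min; exit 4 }
            print "OK: " want " is a PrivateKeyEntry with chain length " chain
        }'
}

# Constructed, trimmed listing: reply installed over the key entry, chain built.
sample_chain_installed() {
cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry

Alias name: intermed
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

# Constructed, trimmed listing: key entry still carries only its self-signed cert.
sample_self_signed_only() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}

sample_chain_installed | check_keystore tomcat 3
sample_self_signed_only | check_keystore tomcat 3 || echo "exit status $?"
```

Against a real keystore, pipe in the listing: `/path/to/keytool -list -v -keystore /path/to/Tomcat/keystore.jks | check_keystore tomcat 3`.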

Boyle
New Contributor II

To add to this, and maybe it is only for the GoDaddy certs, when you create a new pre-stage enrollment, you have to add the GoDaddy cert to anchor certificate, otherwise the iPads will not receive the configuration.