SSL problem

[Ichigo]

While installing an SSL certificate I encountered a problem which I can't solve (been at it for a week now).

I requested an RSA key
I received an certificate
I installed the certificate and it didnt work.

As it was my first time setting up an ssl I tried the servers own certificate and the self signed certificate.

The problem now is installing my own certificate again. I lost the first RSA key.
And in the window where you paste the keys an old RSA key and certificate values are automaticly filled in.

For some reason requesting a new RSA key doesn't result in a new RSA in the paste certificate window.

How can I start all over again? I can't seem to remove all installed key's. Submitting an empty generated key window is'nt allowed.

 

[nobaloney]

By RSA Key you likely mean what's commonly called the Private Key. If you've truly lost the private key you may need to have the Certificate re-issued (see your Certificate issuer) because the Private Key and the Certificate must match up.

Are you sure the DirectAdmin window shows a different Private Key than the one you used to generate the Certificate? DirectAdmin doesn't generally change that, so it's possible it's still correct.

None of us can help you with the Certificate problem because and it didnt work simply isn't enough indication of any particular error.

Jeff

 

[Ichigo]

problem specified

What I would like most of all is to remove all certificate inputs, to start from scratch.

But what I need is a 'new' RSA private key. I didn't save the first one.

I can create a certificate request, which gives me a certificate request code.
If you do that for the first time an RSA private key is shown in the 'paste-pregenerated certificate and key' window.
The code from the issued certificate needs to be pasted after the RSA private key.

There is an RSA private key code in that window, but if I put the reissued certificate code behind the current RSA private key code, I get this message:
error using key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

 

[nobaloney]

DirectAdmin will use the Private Key already shown in the window when creating a new CSR. To get it to create a new Private Key, tell it to create a self-signed Certificate. That'll give you a new Private Key. Then with that Private Key create a new CSR, and have the Certificate reissued with the new CSR.

Some providers won't charge for the reissue others will (we do the reissue for free, if required, for Certificates ordered from us with Installation, but of course if we do the installation it generally works the first time or we figure it out ).

Jeff

 

[Ichigo]

Ssl

I have just requested an reïssued certificate again. What I noticed what that they didn't ask for a new key. So it could be that they just send the certificate again, based on the old RSA key.

I'll try to solve this first.

 

[Ichigo]

problem solved

Finally the problem is solved. The certificate works.

Still don't know exactly what went wrong, but this is what solved it:
I made a self signed certificate as mentioned above
Made a certificate request
Requested an reissue from the certificate provider
Pasted the certificate key after the RSA key from the self signed certificate

The certificate was accepted (CA certificate was allready installed)
And the https connection worked.

Strangely when I first asked an reissued certificate it was exactly the same as the first original certificate. This second reissued certificate is different from the original one and the first reissued certificate. It was accepted.

thanks for the help.

 

[nobaloney]

Strangely when I first asked an reissued certificate it was exactly the same as the first original certificate. This second reissued certificate is different from the original one and the first reissued certificate. It was accepted.

Not so strange if the second reissue was created from the changed Key file. Exactly as it should be.

You're very welcome; glad it works for you.

Jeff