SSL Certificate for web, and You used CSR from Mac Now what?

Day before We placed a order for SSL for one of our client, we did something wrong, but seems it wasn't

5.0/5 rating (1 votes)
SSL Certificate for web, and You used CSR from Mac Now what?
SSL Certificates are key point to your web presence, and requires for building the trust with your visitors that your identity is verified and your connection to user is encrypted with strong encryption algorithm. similarly Facebook has also made it compulsory for many of its integrated use for website applications.
We have our client Bollywood Journalist who required the same kind of SSL certificate to secure their site (We used SSL123 Cert), we placed an order day before and submitted the request. Procedure for ordering SSL involves making CSR (Certificate Signing Request). As an "Apple Developer" I knew we can Generate CSR from Mac using Certificate Assistant and I made use of that, 
Steps to Create CSR.
  1. Open Keychain Access
  2. Go to Keychain menu and then select Certificate Assistant -> Request Certificate from Certificate Authority
  3. Follow the procedure by entering  your email address, Common Name(It shall be the Domain Name, make sure you put proper varient like www or no www as per your requirement), and CA email address, CA email id can be your domain owner's technical/admin contact
  4. Select Save to Disk and you can continue
  5. Give the name  and  save it, So finally CSR was ready.
After doing it we submitted the same to Webhosting company, they took the CSR and also taken more information about the other formal organisation & contact details. (It shall match to your whois record)
Once that done They will take your CSR and send one formal Approval Email to email registered with your domain name's Whois info as Technical or Admin email address.
You need to approve this to proceed further. After approval sit back for while after few hours it was done, and Certificate was issued.
This certificate doesn't look like any other certificate that you think but its a plain RSA Encrypted String, and that has to be installed on your domain. Second requirement, you must have when you have SSL is you must have dedicated IP address, as our client is on VPS, we didn't need to worry about it, as it was already on Dedicated IP Address.
We Logged in to WHM/cPanel and went straight to SSL/TLS Configuration, there we selected option for installing SSL certificate on Host. 
We entered domain name and paste the certificate in its field
but wait there was one field asking for Private Key and we stuck, we didn't knew what was Private Key? and where do we find it, I called the hosting company to help, they said it must be on server, but it's the case when you generate CSR from Webserver and we didn't do it from Server. 
We did it from my Macbook Pro, I explained him this, and then he said sorry sir in this case you will have to create CSR again from Server and ask for reissue of the Certificate.
I wasn't sure to go in that way (re-issue of certificate is free but again it would take ample amount of time). So I decided to find Private key by which CSR was generated, and then, our very own Friend Google came to help.
So basically when you create CSR, Macbook Create Private key in your keychain and stores it under login keychain. I tried to export that, by default it exports in p12 format, which wasn't the required out put, we need web server compliant format. So again I was stuck and once again Google helped us
Here is the way to convert your p12 to Webserver compliant format, use below command in Terminal to obtain the plain text private key
openssl pkcs12 -in yourprivatekey.p12 -nocerts -nodes | openssl rsa > yourprivatekey.txt
This will export your private key in text format, we used that and successfully installed the SSL on domain.
Thanks for Reading this, hope it helps if someone got stuck the same way.
5.0/5 rating (1 votes)
blog comments powered by Disqus