I’m following this how-to to setup SSL for my spiceworks helpdesk. This is the first time I’ve ever purchased or installed a SSL certificate.
I was slightly confused when my Certificate Authority (register.com) sent me 4 security certificates instead of two. The files I received were:
UTNAddTrustServer_CA.crt
AddTrustExternalCARoot.crt
MY.DOMAIN.COM.crt
RegistercomSSLServicesCADV.crt
Based on the how-to, I should have one SSL Certificate for my site, and one Intermediate SSL certificate, both of which need to be in .pem format.
First off, I converted all the crt files to pem files using OpenSSL and the following commands:
openssl x509 -in mycert.crt -out mycert.der -outform DER
openssl x509 -in mycert.der -inform DER -out mycert.pem -outform PEM
Then I assumed that the certificate MY.DOMAIN.COM.pem was the certificate for my site so I put it in the \httpd\ssl\ directory of the spiceworks installation and renamed it to ssl-cert.pem. Then I assumed that the certificate RegistercomSSLServicesCADV.pem was the intermediate certificate so I put it in the same directory and named it ssl-intermediate.pem. After this, I edited the httpd.conf file as directed in the how to. After doing this, Spiceworks will not start anymore. as soon as I undo the changes to the httpd.conf file, everything works again, but I obviously still get an untrusted certificate error because the chain file isn’t present.
Any ideas why making this modification to the httpd.conf file would cause spiceworks not to run? I double checked my spelling multiple times and tried the other certificates all with no luck.
Any help would be appreciated.
5 Spice ups
dabeast
(da Beast)
2
I don’t recall needing to change the .conf file or adding the ssl-intermediate.pem file - I have a batch file I run every time I need to update my ssl certs for Spiceworks. When I get to a location where I can access the batch file (can’t do it from this clients location) then I can give you the commands I use.
dabeast
(da Beast)
3
Here is the batch file I run - %1 is the first param when calling it - point it to your cert.
if %1!==! goto end
"C:\Program Files\Spiceworks\bin\openssl.exe" pkcs12 -in %1 -nodes -nocerts -out "C:\Program Files\Spiceworks\httpd\ssl\ssl-private-key.pem"
"C:\Program Files\Spiceworks\bin\openssl.exe" pkcs12 -in %1 -clcerts -nokeys -out "C:\Program Files\Spiceworks\httpd\ssl\ssl-cert.pem"
"C:\Program Files\Spiceworks\bin\openssl.exe" rsa -in "C:\Program Files\Spiceworks\httpd\ssl\ssl-private-key.pem" -out "C:\Program Files\Spiceworks\httpd\ssl\ssl-private-key.pem"
"C:\Program Files\Spiceworks\bin\openssl.exe" rsa -text -in "C:\Program Files\Spiceworks\httpd\ssl\ssl-private-key.pem"
:end
Thanks! I’ll try this later today and see what happens.
Well before I got a chance to try your batch file, Chrome and Internet Explorer started recognizing the SSL certificate. Firefox still says “The certificate is not trusted because no issuer chain was provided” though. I’m going to continue troubleshooting with my certificate issuer.
Thanks again.
