Update Spiceworks SSL certificate with .crt files?

Noiden · 2015-04-14T10:01:29.000Z

Hi,

I have renewed our ssl certificate from GoDaddy and I downloaded them for apache and got two .crt files,

sf_bundle-g2-g1.crt and one “random stuff”.crt.

I just used openssl and converted them to .pem files,

sf_bundle > ssl-cert.pem and “random stuff”.crt > ssl-private-key.pem

But then Spiceworks server didn’t start and I got the following error in the apache error.log,

[Tue Apr 14 13:22:37 2015] [error] Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/Program Files (x86)/Spiceworks/httpd/ssl/ssl-private-key.pem)

I have searched some guides, but I just find guides that’s helps to export from IIS and with pfx files.

Kind Regards,

Noiden

matts · 2015-04-14T14:08:22.000Z

Did you backup your old certs? Can you restore them until we get this straightened out?

From the sounds of it, the sf_bundle-g2-g1.crt was the intermediate cert, and the “random stuff”.crt was your actual cert. The private key should be generated when you generate the CSR, not downloaded from the registrar. If you don’t have a backup of this, you’ll need to generate a whole new cert request for the registrar .

Let me know if you have backups, and we can figure it out from there.

Noiden · 2015-04-15T06:39:59.000Z

Yepp, I copied over the backup cert’s again.

matts · 2015-04-15T13:25:38.000Z

From GoDaddy’s site, does it tell you which one is the cert, and which is the bundle/intermediate cert?

Noiden · 2015-04-15T17:47:31.000Z

No, but it must be the sf_bundle-g2-g1.crt

matts · 2015-04-20T12:40:39.000Z

Alright, you should be able to follow steps 5-ish+ in the How-To I linked to earlier.

Step 5 is download your cert. Then follow the rest of the steps (with the bundle being the intermediate pem). That should get you through the process. If it doesn’t, let me know!

Noiden · 2015-04-21T12:36:07.000Z

Hmm, I don’t have any .pem files I just got .crt and I don’t have the cert on any IIS and if I update the private key on the certificate on Godaddy it will break my certificate on my VPS? It’s a multiname certificate *.domain.xx.

matts · 2015-04-24T13:29:40.000Z

You shouldn’t need to generate a new CSR entirely. That would be Bad™.

The .crt files can be renamed to .pem, or run through OpenSSL to convert them . That should get you where you need to be for Spiceworks to be able to use them.

Noiden · 2015-04-28T07:22:21.000Z

I renamed the .crt file to .pem and copied to the folder and restarted Spiceworks. Now it works, I didn’t need to update the private key tough.

matts · 2015-04-28T14:10:11.000Z

Nor should you have to. The private key, once generated, shouldn’t need to be changed as long as the CSR is legit.

Glad we got it sorted!