Which files for starting Step #9

Open slthomason opened this issue 6 years ago • 11 comments

In step #9: "Go to the scripts directory and rename the different part of your domain SSL certificate as following - Rename your Certificate Authority (CA) certificate to cacert.crt, identity.crt and server.crt (Same file with three different name). Your CA certificate content looks like this ..."

What file is the CA cert? Which file from steps 1-8 are we renaming to the same 3 files?

Are we supposed to run this script to create the files first: https://github.com/intrepidusgroup/imdmtools/blob/master/Tools/server/certs/make_certs.sh

slthomason avatar Sep 05 '18 05:09 slthomason

I am not sure where these files came from for step #9:

openssl x509 -req -days 365 -in identity.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out identity.crt

slthomason avatar Sep 05 '18 06:09 slthomason

Hi,

"What file is the CA cert? Which file from steps 1-8 are we renaming to the same 3 files?"

We are not renaming any file from steps 1 to 8. The CA certificate is a part of your domain SSL certificate. Your domain administrator can provide you these files. Like for github.com - screenshot 10

So, in step 9, you need to rename your existing SSL certificate:

  • Rename your Certificate Authority (CA) certificate to cacert.crt, identity.crt and server.crt (Same file with three different names).
  • Rename your server Certificate Signing Request (CSR) file to identity.csr.
  • Rename your server SSL certificate private key to cakey.key, server.key and identity.key (Same file with three different names).

vineetchoudhary avatar Sep 05 '18 06:09 vineetchoudhary

When I download our CA Cert from GoDaddy ... It comes with 2 files - both .crt. One is a single and one is a bundle. Where and how do I generate the identity.csr and the other 3 .key files?

slthomason avatar Sep 05 '18 13:09 slthomason

One of them must contain the content of all 3 files. You can open these files in any text editor.

Certificate Authority (CA) content will look like this

-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIJALJxXxDRdGWNMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
MBgGA1UEChMRR29EYWRkeS5jb20sIE.................................
.............................pyoNqhOasNUfoAbPgmXt+zXiy9AZWOds6Dc
PtRTSsEEfATviu+nd7jrjS6AW/g4UKBorujxHYtGoqVfNx6aCqHMS+gmH0JbSnX9
-----END CERTIFICATE-----

Certificate Signing Request (CSR) content will look like this

-----BEGIN CERTIFICATE REQUEST-----
MIIDAzCCAesCAQAwgaIxCzAJBgNVBAYTAkFVMRgwFgYDVQQIDA9Tb3V0aCBBdXN0
cmFsaWExETAPBgNVBAcMC...........................................
...........................mqeUCKtYnoCE/zkUUPErkHq4dWo3f+JGPC4Dt
Onj3dUOtkKJifHw0iknYl+fIMnoYfRsVKQ9d3GVKGqb/A4s4qFzbQWbU1rNq9Sx9
mZgrKORxjA==
-----END CERTIFICATE REQUEST-----

SSL certificate private key content will look like this

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD2Xh1z9I4rWZ9J
t5EyoJtH2ImS7UQo5bABItKkYFjP50towTD4+k2PfgPZCRJ3kDSlOVSLHzfD57qB
kCv/UG29nbbIkFH6aqjhfaj.........................................
.................................j8yc3sduzKMd+KoZGGLzEhB/JEFTrHn
jWwvMQENHRawj/Jocsc0PUA=
-----END PRIVATE KEY-----

vineetchoudhary avatar Sep 06 '18 04:09 vineetchoudhary
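
The "open the file and look at the markers" check from the answer above, done programmatically. This is an added example, not part of the thread or of the project's code: it lists every PEM block in a file (bundles hold several), maps each one to the step 9 file names quoted in this thread, and flags bodies that are truncated or not valid base64. The function names and the sample input are constructed for illustration.

```python
import base64
import binascii
import re
import sys

# File names each kind of block is given in step 9, as quoted in this thread.
STEP9_NAMES = {
    "cert": ["cacert.crt", "identity.crt", "server.crt"],
    "csr": ["identity.csr"],
    "key": ["cakey.key", "server.key", "identity.key"],
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def kind_of(label):
    """Map a PEM label to 'cert', 'csr', 'key' or 'other'."""
    if label.endswith("PRIVATE KEY"):       # PRIVATE KEY, RSA/EC/ENCRYPTED PRIVATE KEY
        return "key"
    if label.endswith("CERTIFICATE REQUEST"):
        return "csr"
    return "cert" if label == "CERTIFICATE" else "other"

def classify_pem(text):
    """Return (label, kind, well_formed) for every PEM block in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        # Legacy encrypted keys carry "Proc-Type:"/"DEK-Info:" header lines; skip them.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            der = base64.b64decode(b64, validate=True)
            ok = der[:1] == b"\x30"         # unencrypted certs, CSRs and keys start with an ASN.1 SEQUENCE tag
        except (binascii.Error, ValueError):
            ok = False                      # truncated or placeholder body
        found.append((label, kind_of(label), ok))
    return found

_DER = "MAMCAQA="  # constructed 5-byte SEQUENCE, not a real certificate or key
SAMPLE = "\n".join([
    "-----BEGIN CERTIFICATE-----", _DER, "-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----", _DER, "-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE REQUEST-----", "MIID....AzCC",
    "-----END CERTIFICATE REQUEST-----",
    "-----BEGIN PRIVATE KEY-----", _DER, "-----END PRIVATE KEY-----",
])

if __name__ == "__main__":
    texts = [open(p).read() for p in sys.argv[1:]] or [SAMPLE]
    for text in texts:
        for label, kind, ok in classify_pem(text):
            print(label, "->", STEP9_NAMES.get(kind, []), "ok" if ok else "MALFORMED")
```

Run it with the downloaded file paths as arguments; with no arguments it classifies the constructed sample.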

Sorry - just to clarify.

One of the 2 files that I download comes with 1 cert in it. This is the file CA Cert that I duplicate into three copies of files named cacert.crt, identity.crt and server.crt.

Then the other .crt file that has the "bundle" in the filename - that I piece out the identity.csr file from the section above, and then the other section that has the SSL private keys I part out and make those cakey.key, server.key and identity.key?

The directions above weren't super clear.

slthomason avatar Sep 06 '18 05:09 slthomason

Yes, because different platforms manage SSL certificates differently, that's why I added the content of the different certificate files.

BTW, thanks for clarifying. Someone may find this helpful who is using GoDaddy. Also, you can write the Step 9 for GoDaddy. I'll add that in my article. 😄

vineetchoudhary avatar Sep 06 '18 06:09 vineetchoudhary

It might be helpful to write up directions for a brand new cert as the rest of your directions have been spot on.

Spencer

slthomason avatar Sep 06 '18 15:09 slthomason

Yes, that will be helpful if you are a full stack developer. But in most cases, these certificates are managed by a backend developer.

vineetchoudhary avatar Sep 07 '18 06:09 vineetchoudhary

@vineetchoudhary is it possible to use self-signed SSL-certificates for the server? Will it work?

ulian-onua avatar Oct 29 '18 15:10 ulian-onua

Hi @ulian-onua,

Yes, you can use self-signed SSL-Certificates.

vineetchoudhary avatar Oct 30 '18 06:10 vineetchoudhary

@vineetchoudhary thank you

ulian-onua avatar Oct 30 '18 08:10 ulian-onua