API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 11th, 2015
249
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.97 KB | None | 0 0
raw download clone embed print report
  1. info: Please wait for a site operator to respond.
  2. info: You are now chatting with 'Aaron'
  3. Aaron: Hello
  4. Aaron: Welcome to COMODO Technical Support !
  5. Aaron: How may I assist you today ?
  6. you: Hello! My name is Artem.
  7. you: WE have Comodo EssentialSSL (Wildcard) for domain *.ekipazh-service.com.ua. We installed certificate and keys on two our servers (Linux Debian 7 + nginx 1.2 and Debian 7 + nginx 1.8). but have same problems:
  8. you: openssl s_client -connect ekipazh-service.com.ua:443
  9. you: depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.ekipazh-service.com.ua verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.ekipazh-service.com.ua verify error:num=27:certificate not trusted verify return:1 depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.ekipazh-service.com.ua verify error:num=21:unable to verify the first certificate verify return:1
  10. Aaron: EssentialSSL Wildcard Certificate for *.ekipazh-service.com.ua
  11. you: openssl s_client -connect m1.ekipazh-service.com.ua:443 depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.ekipazh-service.com.ua verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.ekipazh-service.com.ua verify error:num=27:certificate not trusted verify return:1 depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.ekipazh-service.com.ua verify error:num=21:unable to verify the first certificate verify return:1
  12. you: YES
  13. Aaron: hold on please let me check it.
  14. Aaron: may I know the exact sub-domain of ekipazh-service.com.ua ?
  15. you: for example m1.ekipah-service.com.ua. But we have same problems on both servers. Also, we can create addition subdomain to make tests.
  16. Aaron: On which server you have installed the certificate ?
  17. Aaron: May i know the exact web-server type pleasE?
  18. Aaron: Verify return code: 21 (unable to verify the first certificate)
  19. Aaron:
  20. Aaron: could you please let me know the web-server type
  21. Aaron: ?
  22. you: yes, i gethering info, one second
  23. Aaron: ok
  24. you: Server #1: Linux Debian 7.8 (Linux version 3.2.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) )) with web server NGINX 1.2.1. Server #2: Linux Debian 7.8 (Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u2 x86_64 GNU/Linux) with web server NGINX 1.8.0.
  25. Aaron: You MUST install the certificate onto the same web-server where you originally created CSR for *.ekipazh-service.com.ua.
  26. Aaron: So please confirm did you generate and install Certificate for *.ekipazh-service.com.ua on Apache (or) Nginx.
  27. you: I have to clarify this information, because I got RSA.KEY, SERVER.CRT, CA.CRT_BUNDLE from our security team. So, if we generate CSR request from Apache and installed it to Nginx we will have problems?
  28. Aaron: ok so you got the RSA private key along with it.
  29. Aaron: then no issues.
  30. Aaron: But the installation process of Nginx is different from Apache server.
  31. Aaron: I will provide you the certificate installation instructions URL for both server, please refer the instructions and install it.
  32. Aaron: Certificate Installation: Apache & mod_ssl
  33. you: WE tried to install certs according to instruction for NGinx, but no result.
  34. Aaron: Apache server requires, Domain Certificate (SERVER.CRT) and CA.CRT Bundle file
  35. Aaron: Whereas the Nginx its different.
  36. you: Yesterday we spend all day to install cert, according to instruction, but again no result
  37. Aaron: yes
  38. Aaron: hold on please
  39. Aaron: I have changed the certificate format based on Nginx and resent to p.tkachuk@ekipazh-service.com.ua
  40. Aaron: please download the new certificate zip file and extract it.
  41. Aaron: If you extract the certificate zip file, you can see the following list of certificate files inside.
  42. you: ok
  43. Aaron: AddTrustExternalCARoot.crt
  44. Aaron: COMODORSAAddTrustCA.crt
  45. Aaron: COMODORSADomainValidationSecureServerCA.crt
  46. Aaron: STAR_ekipazh-service_com_ua.crt
  47. you: Thanks! our RSA.KEY will be unchanged?
  48. Aaron: You should combine all the above certificate files into a single file name called 'ssl-bundle.crt' in reverse order as listing below.
  49. Aaron: yes, the RSA.KEY will be unchanged.
  50. Aaron: > cat STAR_ekipazh-service_com_ua.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> ssl-bundle.crt
  51. Aaron: Then you can configure Nginx Virtual Host by using this file ssl-bundle.crt
  52. you: ok
  53. Aaron: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/789/0/certificate-installation-nginx
  54. Aaron: You can refer the above URl for more information about Nginx installation
  55. you: Thanks!
  56. Aaron: you're welcome
  57. Aaron: Is there anything else, that I can assist you further ?>
  58. info: Your chat transcript will be sent to box4log@gmail.com at the end of your chat.
  59. you: We will try to follow instructions, and, if it is possible, we contact support if problem occur again
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!