Author Topic: HOWTO: Trusted Certificate  (Read 17553 times)

ray-ven

  • Zen Apprentice
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Trusted Certificate
« Reply #15 on: May 03, 2014, 02:38:40 pm »
Hmm, i tried to work around the problem. I've generated a cert via zentyal and took it for validation at commodo. They sent me som .crt files... But what now?!
Thank you, Ray

ray-ven

  • Zen Apprentice
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Trusted Certificate
« Reply #16 on: May 04, 2014, 01:23:54 pm »
Well, imho there's no difference between .crt or .pem files. Pem can contain multiple certificates though (according to https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1426)
I actually don't know how to change  /usr/share/zentyal/stubs/core/haproxy.cfg.mas correctly (I want one cert for everything as well), and - I cannot figure out how to put all crt files in the correct order into the pem, as they have different names than in the commodo howto (COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt, AddTrustExternalCARoot.crt, my_domain.crt, and my private key is in /var/lib/zentyal/CA/private, I think).

Anyway - wouldn't it be possible to overwrite files in /var/lib/zentyal/CA with the trusted cert files?

I really cannot understand why importing certs isn't part of zentyal, or why this procedure is that complicated! It looks to me, as if we just have to point to a bunch of files, and that's it! But this may be another thread...

Please help me out! I'm really lost with this stuff
« Last Edit: May 04, 2014, 01:44:21 pm by ray-ven »

ray-ven

  • Zen Apprentice
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Trusted Certificate
« Reply #17 on: May 06, 2014, 09:15:01 am »
It would be enough to know how to change   /usr/share/zentyal/stubs/core/haproxy.cfg.mas
and what the .pem should contain.

Please help me out with this

ff8jake

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +4/-0
    • View Profile
Re: HOWTO: Trusted Certificate
« Reply #18 on: May 07, 2014, 03:18:57 pm »
It would be enough to know how to change   /usr/share/zentyal/stubs/core/haproxy.cfg.mas
and what the .pem should contain.

Please help me out with this
This is the change I made, and it will apply your .pem to pretty much every part of the server (admin, webmail, etc). It will need to be a .pem file including the cert, any intermediate/chain certs, and the key in my experience.

In line 63 of haproxy.cfg.mas you have the following:
Code: [Select]
%           my $newCrt = 'crt ' . $service->{pathSSLCert};
which I have changed to this:
Code: [Select]
%           my $newCrt = 'crt /path/to/my/certificate.pem';
After the change I restarted just to ensure the config files everywhere were regenerated. Hope this helps.

stickybro

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Trusted Certificate
« Reply #19 on: May 08, 2014, 06:33:54 am »
It would be enough to know how to change   /usr/share/zentyal/stubs/core/haproxy.cfg.mas
and what the .pem should contain.

Please help me out with this
This is the change I made, and it will apply your .pem to pretty much every part of the server (admin, webmail, etc). It will need to be a .pem file including the cert, any intermediate/chain certs, and the key in my experience.

In line 63 of haproxy.cfg.mas you have the following:
Code: [Select]
%           my $newCrt = 'crt ' . $service->{pathSSLCert};
which I have changed to this:
Code: [Select]
%           my $newCrt = 'crt /path/to/my/certificate.pem';
After the change I restarted just to ensure the config files everywhere were regenerated. Hope this helps.

thank you for this ff8jake  8) it works very well!

ray-ven

  • Zen Apprentice
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Trusted Certificate
« Reply #20 on: May 08, 2014, 10:02:32 pm »
Yay!!! Thank you very very very much!

But why the hell isn't this a standard procedure in zentyal?! Whyyyyy?

donb

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Trusted Certificate
« Reply #21 on: January 20, 2015, 10:26:28 pm »
I am running version 4 , I don't even have /usr/share/zentyal/stubs/core/haproxy.cfg.mas

Does anyone know the new path ?

ileshwart

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Trusted Certificate
« Reply #22 on: April 11, 2015, 09:25:03 am »
Hi,

I am also using zentyal 4. can't find  /usr/share/zentyal/stubs/core/haproxy.cfg.mas.
Can any one help me out that what is the file in zentyal 4 we need to modify for trusted certificates.

Regards
Ilesh

jniemand

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Trusted Certificate
« Reply #23 on: May 09, 2016, 06:31:45 pm »
There's a great solution for using trusted certificates in Zentyal 4.2+ (by installing them into the Zentyal CA) here: https://forum.zentyal.org/index.php/topic,24513.msg101014.html