SSL with non OD CA

Has anyone tried using SSL deployments without using the OpenDeploy Certificate Authority? We are interested in using the Microsoft CA (standard at the company), but the OD documentation basically says its untested.

Just wondering if anyone else had any feedback or had tried.

Find more posts tagged with

Comments

Migrateduser

Versign certs work.
And Entrust certs work once you invoke the openssl utilility to extract the cert into PEM format.

So if MSFT's certs are in PEM format or you can get them converted to that form, it should be able to work.

jjespersen

I am trying to set up the CSF access service and OD web service with SSL transport. (OD 6.01)

The issue I am having is the value Websvc.HTTPSCertPasswd in the websvc.cfg for the CSF service. I have no idea what to put there.

The certificate was generated by a Microsoft CA. The CSR was created with IIS. I have the Base64 encoded certificate from the CA, as well as a PFX i exported from IIS. With the PFX, I have used OpenSSL to convert it to a PEM format.

The only successful import of the certificate that I get is when I import only the Base64 encoded cert (either from the cert from the CA or from the PEM file after removing the additional data).

That inserts the following structure in the pstore file (alias value changed):
<record alias="server.domain.com">
<certificate type="X.509">
<encoded>
</encoded>
</certificate>
</record>

When setting the websvc.cfg property to this alias, I get the error "Login fails, root cause: Unsupported mechanism requested". It apparently has something to do with the password.

What steps am I missing to set this up properly?

Thanks
Jonathan

ListBoxControl.doc

KBruegl

Versign certs work.

I am about to generate a verisign cert. The Open Deploy admin guide states that we will get a signed certificate and the CA's own certificate. Having generated certs in the past for web servers, we never received both. Is there something needed to get the CA's own certificate also?

Thanks,
Kurt