Thread Info
  • State Verified Answer
  • +5 person also asked this people also asked this
  • Locked Locked
  • Replies 20 replies
  • Answers 3 answers
  • Subscribers 39 subscribers
  • Views 91855 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

GoDaddy SSL Certificate for User Portal

ChrisBacker1

I have an SSL certificate from GoDaddy that I am trying to import into the XG 230 firewall. It wants the private key in a .key format which GoDaddy is only giving me a .crt format. The certificate key is in .p7b format which works just fine it appears. 

I am reading articles on how to convert ssl certificates using OpenSSL but I am not seeing a way to convert .crt certificate to .key format. 

Is this even possible? Am I just missing something completely? 

I just want my users outside when they go to vpn.mycompany.com to not get a certificate error. 



Edited tags
[edited by: Erick Jan at 11:18 PM (GMT -7) on 15 Sep 2022]
  • 0

    Hi 
    Thanks for your kind help out there 
    I need some kind help from your side 
    I use public certificate from Godaddy and I followed all the instruction provoided 
    but I got this erroros 
    C:\Program Files (x86)\GnuWin32\bin>openssl pkcs12 -export -chain -CAfile gd_bundle-g2-g1.crt -in 778ed63caa2045b0.crt -inkey mycompany.com.key -out mycompany.com.pkcs12 -name mycopmanycom -passout pass:xxxxx
    Loading 'screen' into random state - done
    Enter pass phrase for mycompany.com.key:
    13092:error:0D0BA041:asn1 encoding routines:ASN1_STRING_set:malloc failure:./crypto/asn1/asn1_lib.c:381:
    13092:error:0B08A041:x509 certificate routines:X509_ATTRIBUTE_set1_data:malloc failure:./crypto/x509/x509_att.c:317:
    Please can you help me 
    Thanks in advanced 

  • 0 in reply to mohamedessaily

    I have never seen that error before. Maybe try to be in the OpenSSL directory instead? I see you are in GnuWin32 directory. 

  • 0 in reply to RichardPhillips

    RichardPhillips said:

    I am a noob to OpenSSL and only have access to Windows PC's

    For Windows here is what I did.  First import your certificate into IIS (which it probably already is).  Then go into Certificate Management:

    • Open Microsoft Management Console (mmc.exe)
    • File -> Add/Remove Snap-ins
    • Add in Certificates - Computer account - Local Computer
    • Go under Personal -> Certificates. 
    • Right click the certificate you imported into IIS and select All Tasks -> Export. 
      • Hit Next then Yes export the private key. 
      • On the next screen I would click "Export all extended properties" then Next.
      • Check the Password box and give it a password.  Save it somewhere then Next and Finish. 

    You should be able to import that .pfx file into the Sophos with the password you set without having to use OpenSSL.  I've imported two certificates to two different XG's this way.

    -Allan

  • 0 in reply to AllanD

    Thanks Allan, but I resolved it nearly 11 months ago with the link was given to me about OpenSSL.

  • 0 in reply to RichardPhillips

    @Richard 

    i go through the link to setup godaddy ssl certificate few months ago, it was helpful to me. you may also have a look on this site https://pk.godaddy.com/help/request-an-ssl-certificate-562.
    Moreover i wanna add here that godaddy store is providing 50% OFF on godaddy SSL Certificate. if you need that discount than you have to provide a discount code there, and i think you can find it easily anywhere from google or you may check this link from where i got http://www.couponbend.com/godaddy-coupon-codes.html.

    Hope it's informative and helpful for you!

  • 0

    Be warned, using a 3rd party SSL certificate for user portal breaks the internal webpage. e.g. https://userportal.yourdomain.com will be fine but https://192.168.1.254 will not.

    The reason this is a problem is because quarantine digest, at present can only bind to an IP address not a domain name. So when users click the release spam button they get a certificate error in their browser.

    We setup a GoDaddy cert for our external portal access, but then decided to switch the Sophos cert back on because more staff used the internal address for releasing spam.

  • 0

    For anyone still having issues with this process, I wrote up a blog post based on  great post. 

    It covers the steps in a little more detail. It can be found Here

  • 0 in reply to DaMaN841

    I'm a new dealer and this is my first install.  I shouldn't have to do this.  Can't import Godaddy certificates?  They're not exactly a small player.  Have I picked the wrong firewall?

     

    FYI:  I had to rename the file "vpn.company.com.pkcs12" to "vpn.company.com.pfx" in order to get Sophos to import it.

     

  • 0 in reply to DaMaN841

    Best solution for all types of SSL certificates, Great !!

  • 0

    You can do this inside Windows pretty easily.

    Download the Other pack from Godaddy

    Extract the zip file

    double click the (randomname).crt

    The Windows Certificate viewer opens up.

    Click the Details Tab

    Select Copy to File...

    Export as CER (BASE64)

    Save file & Upload to Sophos