Endpoint Security Complete

Hi guys,

I’m now building an on premise appcenter and got stuck at this page (see attached image - error encountered). Just so you know, For SSL Cer File field, I uploaded the cert granted by an internal CA. For SSL Key file field, I uploaded the private key generated upon creating the CSR and for  SSL CA Certificate bundle field, I uploaded the root cert of the internal CA. I used 2048 bit length in creating the CSR.

Upon uploading the said files, I got this error msg (See attached). I have also attached the files I uploaded (cert files.zip)

Anyone here who can shed light on this?

Regards,

Mark

Admin note: SSL attachment obscured

Attachment(s)

X509Error at config.txt   29 KB 1 version

Hello Mark,

This configuration page is a stickler for required fields. Based on the screenshot you provided, it would appear that you hadn't specified the SMTP server settings. The "This field is required" error next to the certificate fields could be misleading. If you miss a required field, the page will error out, and you'll have to refill the following fields over again:  admin password, configuration key, all cert fields.

The certificate files you chose sound correct:

• SSL Certificate File = Certificate of the App Center host (.cer)
• SSL Key File = Private key for the above certificate
• SSL CA Certificate Bundle = Single file containing chain of certificate authority (intermediate, intermediate, root CA)

For an internal CA, the root CA's certificate should be correct for the Certificate Bundle. Also, 2048 bit length is a-ok for the CSR.

Let me know if this is of assistance

Andrew

Did you get this figured out?

Hi Guys,

Yup, ive got the certificate accepted by the appcenter. Main reason for the error is that certs should be in PEM format (64 bit encoded). The one I used before is in DER format.

Now im having some issues in accessing the server via https (as required by the customer). When I telnet on port 443 of the nukona server. Its not working.

Im new to linux systems. Any idea what could be wrong here? My suspect is that the apache SSL service is not up.

See attached screenshots..

Hi Mark,

Apache runs on the daemon (service) called httpd. There is not a separate daemon for SSL. This is more than likely a firewall issue. Please check that you have opened up TCP port 443 on the local firewall.

If you're using the GUI in CentOS 5.8, access:  System > Administration > Security Level and Firewall. Ensure that Secure WWW (HTTPS) is enabled as a trusted service.
 

If using command line, run the following commands:

iptables -A INPUT -p tcp --dport 443 -j ACCEPT

service iptables save

service iptables restart

  
Also, to verify that Apache is listening on TCP port 443 (regardless of firewall settings- this is not a firewall test), run the following command:

netstat -ln | grep :443

  
For further assistance with networking issues, please refer to the CentOS documentation

Let me know if this resolves your issue
  

Andrew

Hi Mark,

Just wanted to check in on this thread. Were you able to resolve the issue with HTTPS access?

If not, let me know the current behavior, and if my above recommendations had any effect. Otherwise, I would like to request that you mark this issue as resolved.

Let me know how I can further assist, 

Andrew

Hi Andrew,

Tried the steps above but didn't work as well. It seemed that the error has something to do with the upload process of certificates. Got this document from Technical Field Enablement which may also help others setting up their environment..

Cheers,
mark

Attachment(s)

App Center Cert Process - Internal CA - Google Drive.pdf   1.98 MB 1 version

Hi Mark,

Are you saying that you identified root cause as being related to the certificates, and the issue is now resolved?

If not, please let me know the current behavior- what happens when you try and access App Center over HTTP locally on the server?

Also, silly question I should have asked initially: When filling in the fields in the configuration page (where you also upload the SSL certs), did you enable the checkbox for "Set up Apache with SSL?" ?

Thanks,

Andrew