Jump to content

Problems with SSL from godaddy


fabiorov

Recommended Posts

Hi everybody

I bought a SSL certificate from godaddy:

- They automatically generated the files "generated-csr.txt" and "generated-private-key.txt" and allowed me to download them.

- Later, they sent me an email, and I was able to download the files "af6d14e9d.......crt", "af6d14e9d........pem" and "gd_bundle-g2-g1.crt"

- I cannot follow the exact steps that unigui suggests with godaddy because the already generated the key and csr files

Could anyone help me?

 

Thanks in advance!

Link to comment
Share on other sites

Match those files like this:

      SSL.SSLOptions.RootCertFile := 'gd_bundle-g2-g1.crt';
      SSL.SSLOptions.CertFile := 'af6d14e9d.......crt';
      SSL.SSLOptions.KeyFile := 'generated-private-key.txt'; or af6d14e9d........pem

keyfile should contain -----BEGIN PRIVATE KEY----- (keep it secure)

RootCertFile should contain one or more -----BEGIN CERTIFICATE----- (incase of bundle)

CertFile contains single -----BEGIN CERTIFICATE----- (this is your certificate)

Some thing like this inside UniGUIServerModuleBeforeInit

    LSSLDir := TPath.Combine(TPath.Combine(TPath.GetPublicPath, PROGRAM_DATA_DIR), 'SSL');
    LRoot := TPath.Combine(LSSLDir, 'gd_bundle-g2-g1.crt';);
    LCert := TPath.Combine(LSSLDir, ''af6d14e9d.......crt');
    LKey  := TPath.Combine(LSSLDir, ''generated-private-key.txt'; or af6d14e9d........pem');

    if FileExists(LRoot) and FileExists(LCert) and FileExists(LKey) then
    begin
      SSL.SSLOptions.RootCertFile := LRoot;
      SSL.SSLOptions.CertFile := LCert;
      SSL.SSLOptions.KeyFile := LKey;
      SSL.SSLOptions.Method := sslvTLSv1_2;
      SSL.SSLOptions.Mode := sslmServer;
      SSL.SSLOptions.SSLVersions := [sslvTLSv1_2];
      SSL.Enabled := True;
      Log.Info('SSL.Enabled listening Port[' + IntToStr(SSL.SSLPort) + ']', LOG_MAIN);
    end;
 

 

 

 

  • Like 1
Link to comment
Share on other sites

If you set a password (not mandatory but good thing) when generating your certificate at godaddy.

Then I think you have to set this password to SSL.SSLPassword before enabling ssl.

....

SSL.SSLOptions.Mode := sslmServer;
SSL.SSLOptions.SSLVersions := [sslvTLSv1_2];

SSL.SSLPassword := 'the password you used during certificate generation';
SSL.Enabled := True;

 

  • Like 1
Link to comment
Share on other sites

  • Administrators
On 5/17/2020 at 1:21 AM, fabiorov said:

Hi everybody

I bought a SSL certificate from godaddy:

- They automatically generated the files "generated-csr.txt" and "generated-private-key.txt" and allowed me to download them.

- Later, they sent me an email, and I was able to download the files "af6d14e9d.......crt", "af6d14e9d........pem" and "gd_bundle-g2-g1.crt"

- I cannot follow the exact steps that unigui suggests with godaddy because the already generated the key and csr files

Could anyone help me?

 

Thanks in advance!

generated-csr.txt

This is your key.pem.

Quote

If you open your key file, it must look like this:

 

-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC5I4QtWEREyDJM
ltWdd/2UL4j/s+wZj81fFRJQkDn1X293VHwlIXuIgXI5v0ao3vYJupHaRR3YUm7y
H6+aGvhVI13fR7/M6QBJVO9RHmOFThBzHUYcIObT2CR4BSGkfmgJPX+b45n8TIJf
NoX50WrXH0X9w8dBV0SX2dIT67caW/uVvjvGfKC62uPY71mWu+ttRPwMeMbv0Kx1
BmqNAAtYVUiB2ZcpMfESaePX3vpAS9VS7i8NnRT/cPXsdNUcRbt2zp+ooN22lNb+
oRES8A65hyvwPBsfAUwKPnscqDZKJV4WsoAVYXkPIyglGglWq8hx7npC0nKNtEnX
aBex6XDVAgMBAAECggEBAKqFBdbl92sKoRldy75PqCV2as5pH0qj4lpzA/1j+Z4A
mp/kFrv0TN17rIN3o1MimKZ5SqEpC8YUls83U/uyX4u7GVjvsr6+1F62df3W6X78

.

.

69efJH4sd0GO58FyFtN202FllBL9BCvTu6WWCC7SbMYsSe4GjuRvWTQuwloyrdwu

5HbTE0TYbQ1HkwqSASZvVF+UgSg=

-----END PRIVATE KEY-----

 

Link to comment
Share on other sites

  • Administrators
Quote

root.pem is your root certificate and must be obtained from your SSL provider. For our GoDaddy example, it is in file gd_bundle-g2-g1.crt file. You can open the file in editor and check its format. It must start with -----BEGIN CERTIFICATE----- .

 

Just rename it to root.pem.

 

-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE
.
.
.
91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2
RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi
LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB
-----END CERTIFICATE-----

 

cert.pem is your site certificate. You received it from GoDaddy with a file name like 98d81da6dfe2095b.crt.

Rename this file to cert.pem and you are done.

 

Link to comment
Share on other sites

5 hours ago, Mehmet Emin said:

I recommend you go to https://zerossl.com/ and generate a new free certificate (dont set password for certificate) and test with that one.  And follow the steps above. Make sure to load files into correct properties. Your private key, your certificate and root certificate(may be with bundle).

Good luck

Hi Mehmet,  can you get free ssl for vpn which i only have IP address and no domain name

Link to comment
Share on other sites

1 minute ago, epos4u said:

Hi Mehmet,  can you get free ssl for vpn which i only have IP address and no domain name

I never used ssl in that way. I dont now.

Just buy a domain an do dynamic dns. so that you will have the domain name

  • Like 1
Link to comment
Share on other sites

You are getting this error message 

    SSL.SSLOptions.Method := sslvTLSv1_2;
      SSL.SSLOptions.SSLVersions := [sslvTLSv1_2];

Although I recommend above dont set them for now. They are more secure but you may get some errors while debugging and client connects. just ignore of this exception type.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...