1 Reply Latest reply on Sep 9, 2014 5:25 AM by Mike Duncan

    how to start over with SSL...

    charleshuff

      I followed instructions that I don't really understand and got the temporary free ssl from comodo to work. 1)turn off require secure connection on server, close files, stop server, reboot 2)fmsadmin certificate create "/CN=yourdomainname.com/O=My Company Name/C=country/ST=state name/L=city name" then writes two files into CStore folder. 3)open serverRequest.pem and copy the code between Begin Certificate Request and End Certificate Request into the webform at Comodo 4)install the resultant file from them into the CStore folder with sudo fmsadmin certificate import /pathtocertificate

       

      The free one expires in 30 days. I sent email to Comodo to upgrade the cert for 5 years and paid the fee. They did NOT renew the free cert. Now I have to start all over. The problem now is that the steps above cannot be replicated. I get no new files when I rename the serverKey.pem and the serverCustom.pem and repeat the process. I do not remember doing anything to root.pem or server.pem the first time around. Should I try moving the four files to another directory? They are root.pem, server.pem, serverCustom.pem, and serverKey.pem? I am assuming I cannot just reuse the original serverRequest.pem that I used with the free trial. I checked the permissions and they look ok to me...

       

      The fmsadmin certificate create command gives no error message, but does not seem to write any new files to the CStore folder. Does anyone have any idea how to fix this? or even how to trouble shoot it?

       

      thanks in advance...

        • 1. Re: how to start over with SSL...
          Mike Duncan

          If you're on OS X, you might have more luck just using the open ssl command line and installing the cert manually in the right location. I would think that unless you want to repeat these steps every month that a little investment into a paid cert would be worthwhile as well. Otherwise, would a self signed cert be sufficient?