Configuring TLS Certificate for Github Enterprise Server
In my Github enterprise, when I install a keyed SSL certificate, it throws an error:
"Github ssl cert The certificate is not signed by a trusted certification authority (CA) or the certificate chain is missing intermediate CA certificates."
I got 4 certification center team certifications from ours.
- SSL certificate: github.pem
- Set of 3 CA certificates: root, subca and subca2
My Github enterprise management console requires 2 entries
- SSL certificate x509
- Unencrypted key
I have tried only the github.pem key and with different combination by concatenating the CA certificates, but failing always with the same error.
Is there a template for certificate concatenation?
Any hints how can I solve this?
Thanks in advance.
source to share
I had the same problem. When trying to upload PEM and Key files to GitHub Enterprise, I got the same message. The certificate was generated using the same methods as before, but did not execute.
Github ssl cert The certificate is not signed by a trusted certification authority (CA), or there are no intermediate CA signing certificates in the certificate chain.
Steps I took:
- Created a certificate for the server (web server with private key)
- Exported from my users personal store (PFX including all certificates in path and exports all extended properties)
- C: \ OpenSSL-Win64 \ bin> openssl.exe pkcs12 -in git_key_included.pfx -nocerts -out priv-key.pem -nodes
- C: \ OpenSSL-Win64 \ bin> openssl.exe pkcs12 -in git_key_included.pfx -nokeys -out cert.pem
- C: \ OpenSSL-Win64 \ bin> openssl rsa -in priv-key.pem -out server.key
I eventually figured it out by opening PEM with Notepad ++. Openssl commands work fine with old exported certificate but exchange certificate orders on new exported certificate. The broken cert had:
Primary SSL Certificate Root Certificate Intermediate Certificate
Instead of proper ordering:
Primary SSL Certificate Intermediate Certificate Root Certificate
So I changed them and it worked.
source to share
Follow these steps to add 3 certificates to your .pem file:
- Open the pem file of the domain certificate in Notepad ++.
- Add an intermediate certificate (DigiCertCA2.pem) in the Domain certificate field.
- Add the root certificate (TrustedRoot.pem) to your domain certificate.
- Save the .pem file which has the following 3 certificates (domain, staging, root).
- Download the modified certificate.pem file and private key.
- click on Save Settings.
source to share