Clever Geek Handbook

Configuring TLS Certificate for Github Enterprise Server

In my Github enterprise, when I install a keyed SSL certificate, it throws an error:

"Github ssl cert The certificate is not signed by a trusted certification authority (CA) or the certificate chain is missing intermediate CA certificates."

I got 4 certification center team certifications from ours.

  • SSL certificate: github.pem
  • Set of 3 CA certificates: root, subca and subca2

My Github enterprise management console requires 2 entries

  • SSL certificate x509
  • Unencrypted key

I have tried only the github.pem key and with different combination by concatenating the CA certificates, but failing always with the same error.

Is there a template for certificate concatenation?

Any hints how can I solve this?

Thanks in advance.

+3


source to share


2 answers


I had the same problem. When trying to upload PEM and Key files to GitHub Enterprise, I got the same message. The certificate was generated using the same methods as before, but did not execute.

Github ssl cert The certificate is not signed by a trusted certification authority (CA), or there are no intermediate CA signing certificates in the certificate chain.

Steps I took:

  • Created a certificate for the server (web server with private key)
  • Exported from my users personal store (PFX including all certificates in path and exports all extended properties)
  • C: \ OpenSSL-Win64 \ bin> openssl.exe pkcs12 -in git_key_included.pfx -nocerts -out priv-key.pem -nodes
  • C: \ OpenSSL-Win64 \ bin> openssl.exe pkcs12 -in git_key_included.pfx -nokeys -out cert.pem
  • C: \ OpenSSL-Win64 \ bin> openssl rsa -in priv-key.pem -out server.key

I eventually figured it out by opening PEM with Notepad ++. Openssl commands work fine with old exported certificate but exchange certificate orders on new exported certificate. The broken cert had:



Primary SSL Certificate Root Certificate Intermediate Certificate

Instead of proper ordering:

Primary SSL Certificate Intermediate Certificate Root Certificate

So I changed them and it worked.

+1


source


Follow these steps to add 3 certificates to your .pem file:



  1. Open the pem file of the domain certificate in Notepad ++.
  2. Add an intermediate certificate (DigiCertCA2.pem) in the Domain certificate field.
  3. Add the root certificate (TrustedRoot.pem) to your domain certificate.
  4. Save the .pem file which has the following 3 certificates (domain, staging, root).
  5. Download the modified certificate.pem file and private key.
  6. click on Save Settings.
+1


source






More articles:


All Articles