15

The cert I have from StartSSL comes with a key file. But from GoDaddy, I get only the 2 .crt files. GoDaddy's instructions are for CentOS and explicitly do not work for Ubuntu.

How do I export the private key ... or get it from somewhere ... so I can use it with Apache SSL? The question that is ALMOST the same as mine assumes use of a Mac Keychain application. I don't run a Mac and I'm trying to do everything on the Ubuntu command line. I know there's a way to do this ... can anyone help me find it?

Thanks!

Daniel Wilson

2 Answers

25

Follow these steps.

  1. First of all, generate the private key and CSR using the following command.

    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
    

    You'll be asked questions like the Country, State, City, Company Name, Domain name and so on. Just fill in the details and your private key will be ready as server.key in the directory where you run this command.

    You'll be asked to enter a challenge password. You can enter any secure password there.

  2. Log in to GoDaddy and rekey the certificate. You'll have to submit the CSR we've generated with the private key.

Once you rekey the certificate, you'll be able to install the certificate using the crt file you got, the ca-bundle you got and the private key we just made!

Let me know if you have any questions about this.

PS: You have to use this method when you lose your Private key.

Giacomo1968
Adarsh Sojitra
  • Thank you! that was it! – Daniel Wilson Apr 05 '17 at 03:14
  • Hi p01ymatch, from where can I get the `server.csr` file? – Ashh Jan 31 '19 at 12:44
  • server.csr is an output file that will be generated when you execute this command. – Adarsh Sojitra Jan 31 '19 at 15:04
  • Thank you... And from where can I get `server.key`? Please use `@` – Ashh Feb 01 '19 at 06:11
  • @AnthonyWinzlet, server.key is also an output file. – Adarsh Sojitra Feb 01 '19 at 11:12
  • Thank you, last question. I got two `.crt` files from GoDaddy. Which one do I need to use on the server: `ssl on; ssl_certificate /gd_bundle-g2-g1.crt;` this? – Ashh Feb 01 '19 at 11:36
  • @AnthonyWinzlet, to properly install the SSL certificate, you need a total of 3 files. One will be server.key, which you have generated by executing the command. The other two you got will be the certificate file and the chain file (the one with ca_bundle). You need all these files to install SSL. If you are configuring using Nginx, join both the files you got into a single one and use it as the value for the `ssl_certificate` directive. – Adarsh Sojitra Feb 02 '19 at 01:54
  • @AdarshSojitra After a lot of struggle, this answer worked for me. Thanks adarsh!!! – Raj Kumar N Mar 17 '23 at 13:05
  • GoDaddy does not provide the private key directly? – Sunil Garg Jun 28 '23 at 03:44
0

Just adding more detailed steps.

On the local Windows command line, log in (this opens a link in the browser; fill in your credentials and you're done):

    heroku login --sso

Check your apps:

    heroku apps

Open a shell on the app and generate the key and CSR:

    heroku run bash -a <app-name>
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

It will ask a few questions like Country, Email, etc. Fill in the info carefully.

This will generate server.csr (request file) and server.key (server.key).

Copy the content of this server.csr file to GoDaddy's website; it will rekey and issue a new certificate.

Download the public key.

On Heroku -> Settings -> add/update certificate.

Copy the public key downloaded from GoDaddy and the private key generated on the Heroku server.

That's all.

Sunil Garg
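
An added example, not part of either answer: before installing, check that the CSR and the rekeyed certificate carry the same public key as `server.key`, then join the certificate and CA bundle into the single file that nginx's `ssl_certificate` directive takes. The function names, the `example.test` subject and the self-signed stand-in certificate are constructed for illustration; with real files, pass the `.crt` and bundle downloaded from GoDaddy instead.

```shell
#!/usr/bin/env bash
# Added example (not from the answers): confirm that key, CSR and certificate
# share one public key, then build the chain file for nginx.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
pubkey_digest() {   # usage: pubkey_digest <key|csr|cert> <file>
    local pem
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null)        || return 1 ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # an unreadable file must never count as a match
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if <file> (csr or cert) carries the public key of <keyfile>.
matches_key() {     # usage: matches_key <keyfile> <csr|cert> <file>
    local a b
    a=$(pubkey_digest key "$1") || return 1
    b=$(pubkey_digest "$2" "$3") || return 1
    [ "$a" = "$b" ]
}

# Server certificate first, CA bundle second, as one file for ssl_certificate.
build_fullchain() { # usage: build_fullchain <cert> <bundle> <out>
    { openssl x509 -in "$1" && cat "$2"; } > "$3"
}

# Constructed sample data: throwaway key and CSR, a self-signed certificate
# standing in for the CA-issued one, and an unrelated second key.
make_sample() {     # usage: make_sample <dir>
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" -days 1 \
        -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
    chmod 600 "$1/server.key" "$1/other.key"   # keys readable by owner only
}

d=$(mktemp -d) && make_sample "$d" &&
    matches_key "$d/server.key" csr  "$d/server.csr" &&
    matches_key "$d/server.key" cert "$d/server.crt" &&
    ! matches_key "$d/other.key" cert "$d/server.crt" &&
    echo "server.key matches the CSR and certificate; other.key is rejected"
rm -rf "$d"
```

A mismatch here means the certificate was issued for a different CSR, which is the situation the rekey step in the answers resolves.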