SSL troubles - Generate .key from .crt? (AlphaSSL)
You can't do any of those. Just issue a revoke request and get a new cert. If you lose your private key - bang, you're gone. That's the whole point of it.
Alexander
Updated on September 18, 2022
-
Alexander over 1 year
This is greatly troubling me,
I have generated a .csr and .key file to send to dynadot (which sends that to AlphaSSL) with this command:
openssl req -out foo.com.csr -new -newkey rsa:2048 -nodes -keyout foo.com.key
It had asked me for confirmation and I received apparently an intermediate chain certificate, however I just placed it in foo.com.crt and it worked fine on my domain.
Contrary to what the purchasing pages had stated, SSL only works on (domain.com) and not (www.domain.com) and I had used domain.com for my common name when generating the original signing request.
I thought this was due to me not using the intermediate chaining, so I had foolishly overwritten the .csr and .key to try to install the GlobalSign root cert before the AlphaSSL one provided to me by dynadot in the same .csr file, however it gives me a warning about a mismatch with my .key file now (I am using nginx).
I had tried to reproduce my steps and settings, however I cannot get the (fresh crt, just what was given to me by dynadot) and .key that I regenerated with the same settings - it just mismatches.
Is it possible to re-request the csr? or generate the private .key from the .csr I was given?
I would rather not spend another chunk of money, and I've no actual AlphaSSL account so I am not sure I can really ask for support or redo the signing.
If you could provide any advice or help I would appreciate it.
-
Felix Frank almost 10 years
I believe it works the other way around - request a www.example.net certificate and the example.net SAN is usually added free of charge.
-
Alexander almost 13 years
I'll try AlphaSSL as they seem to ask for contact without an account or anything, I do not see anything on my reseller (Dynadot), glad it is slightly easier than I thought.
-
anthonysomerset almost 13 years
You should also never be required to submit a key file to a provider either.
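
The key/certificate mismatch described in the question can be reproduced and checked offline. The script below is an added example, not part of the original thread: it compares the public key inside a certificate or CSR with the one derived from a private key. The function names, file names and the self-signed stand-in certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does a private key belong to a certificate or CSR?
# Compares SHA-256 digests of the DER-encoded public key on each side.

# pub_digest KIND FILE (KIND = key | crt | csr): prints a hex digest, returns 1 on failure.
pub_digest() {
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 1 ;;
    esac
    # Empty output means the file did not parse; never hash an empty string.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# key_matches KEYFILE KIND FILE: 0 = match, 1 = mismatch, 2 = unreadable input.
key_matches() {
    k=$(pub_digest key "$1") || return 2
    o=$(pub_digest "$2" "$3") || return 2
    [ "$k" = "$o" ]
}

# make_samples DIR: constructed test material, nothing here comes from a real CA.
make_samples() {
    # Stand-in for the issued certificate: self-signed, same key options as the page's command.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -subj "/CN=foo.com" \
        -keyout "$1/orig.key" -out "$1/foo.com.crt" 2>/dev/null || return 1
    # Re-running the request "with the same settings" creates a brand-new key pair.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=foo.com" \
        -keyout "$1/regen.key" -out "$1/regen.csr" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d" || { rm -rf "$d"; return 1; }
    for key in orig.key regen.key; do
        if key_matches "$d/$key" crt "$d/foo.com.crt"; then
            echo "$key: matches foo.com.crt"
        else
            echo "$key: does NOT match foo.com.crt"
        fi
    done
    rm -rf "$d"
}

demo
```

A mismatch against the certificate, as with regen.key here, means the key on disk is not the one the certificate was issued for, so the certificate has to be reissued from a new CSR.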