0

Enabling HTTPS on Windows 10 - I have my cert, now what?

Tom Davies 1 year ago updated by Björn Ryrholm 1 year ago 2

After a bunch of messing around with my DNS provider (GoDaddy), I finally got my certificates from SSLforFree.com.


So, now I have a ca_bundle.crt, a certificate.crt, and a private.key file. What the heck do I do with them? By the way, I have Ubooquity running on a Windows 10 Pro machine.


I swear I had tried this years ago with a self-signed cert, and there were good directions here on the Ubooquity site. But I can't find them. The only HTTPS/SSL/cert instructions I can find are for Linux. :(


Thanks in advance,

Tom



Side Note:

For anyone using GoDaddy and getting a cert from sslforfree.com, I had to create TXT records a couple of times to get it to work. Entering in _acme-challenge.mydomain.com for the Name value would not work at all. I had to use @ for the name and combine the name and the values they gave me into the value field on GoDaddy's web interface. Like this:


Type: TXT

Name: @

Value: _acme-challenge.mydomain.com=the-key-value-sslforfree-gave-me


Type: TXT

Name: @

Value: Value: _acme-challenge.www.mydomain.com=the-other-key-value-sslforfree-gave-me

I tried following these directions:

Java Keytool - Create Keystore

Then I pointed Ubooquity's security settings to the keystore file I created above and entered the keystore password.


But ended up getting Firefox browser security warnings. It kept saying that the cert was self-signed (it isn't) and that it was for the wrong site. When I looked at the cert details in the browser, it showed my domain name without the www. Should it have the www on it? I have a root cert/intermediate cert bundle and a certificate for www.mydomain.com. I thought the root/intermediate bundle was for *.mydomain.com but I'm not really sure now...

Hello Tom, Similar like you I have just recently gotten into adding the certificate that I have gotten for my domain to Ubooquity, been a decent process to solve it for me so I though I would share my experience and hopefully it will help you and others in the future.


So basically I had received from my provide the .CRT certificate file,

  what I had not received first time around until I requested it was the private .key file.


Next step once I had both the Certificate and Private key then I needed to create the Java keystore that I then could point Ubooquity to.

To archive this as all my attempts to supply the private key from my provider to the Java Keytool had failed then I used the OpenSSL tool to do that.

Downloaded Win32 executable from:  https://slproweb.com/products/Win32OpenSSL.html

But ofcourse Linux version is available from git and main sources.


Next step combine the Certificate and the private key into a PKCS12 (.p12) format.

replace the <path-to_.XXX.file> with the path to the corresponding file for you.

Command: C:\OpenSSL-Win32\bin>openssl pkcs12 -export -in <path_to_.crt_file> -inkey <path_to_key_.file> -name [host] -out <path_to_output.p12_file>



Next create your keystore from the .p12 file, same deal here replace the <certificatepassword> with your password for the javakeystore,  will be needed to be entered in the Ubooquity interface. and <where_to_save.jks_file> with path where to save the final product.

Also note Java version folder will likely be different for you, but it is the folder containing the keytool.exe


Command: C:\Program Files (x86)\Java\jre1.8.0_181\bin>keytool -importkeystore -deststorepass <CERTIFICATEPASSWORD> -destkeystore <where_to_save.jks_file> -srckeystore <path_to_.p12_file> -srcstoretype PKCS12

Now you can update the Security tab of the Ubooquity page to your keystore file and keystore password given.


Presto it was working for me now to access Ubooquity with https://Domain.Name:portnumber 

Hopefully it will be of help in getting it resolved for you also.

// Björn