Announcement

Collapse
No announcement yet.

To get an SSL Cert on CommitCRM Web Interface

Collapse
X
 
  • Filter
  • Time
Clear All
new posts

    To get an SSL Cert on CommitCRM Web Interface

    Ok, since there is hardly any documenation on how to do this inCommitCRM... Here's how.. Please note, this may be the blind leading the blind, but hopefully it will save someone some time.

    Here is CommitCRM's official documentation:

    Note that in the instructions, anything in [] should be replaced with your own variables.

    Also, in CommitCRM's documentation, the process they describe about importing your certifcate and exporting did not work for me. But maybe I did something wrong, your mileage may vary! :)

    To get an SSL Cert on CommitCRM Web Interface:

    1) Download openssl.exe here. Save it in a folder on your desktop.

    2) Create a custom config file for openssl and save it in the save directory openssl.exe is in. Instructions on doing that are here: (step 4) http://www.flatmtn.com/article/setti...e-certificates Maybe there's an easier way but that is the only way I could figure out.

    3) Open a command prompt and "cd" to the directory openssl is in. Run this command:
    openssl req -new -newkey rsa:2048 -nodes -out FQDN.csr -keyout Key.key -subj "/C=[COUNTRY ABREVIATION HERE]/ST=[2 DIGIT STATE ABBRIATION HERE]/L=[CITY HERE]/O=[ORGANIZATION NAME HERE]/CN=[FULLY QUALIFIED DOMAIN NAME HERE]" -config "opensslconf.cnf" Where opensslconf.cnf is the path to the config file you created in step 2. This will create the csr request to give to your Certificate Authority. (I used godaddy, $29/ year) Take note of the file that is created called Key.key. You are going to need this.

    4) Submit the CSR to your athority and then you should get the certificate back. Mine came in a *.crt format. This will have to be converted.

    5) Convert the certificate from a *.crt format to a *.pem format that CommitCRM needs. Run this command: openssl x509 -in [PATH TO CERT FROM CA].crt -out input.der -outform DER
    And this command:
    openssl x509 -in input.der -inform DER -out Cert.pem -outform PEM

    6) You now have the Key.pem (created in step 3) and the Cert.pem (created in step 5). Last we need the Root.pem. To get that, go to Internet Explorer -> Tools -> Internet Options -> Content -> Certificates -> Trusted Root Certifcation Authorities Tab. Find the CA in the list from whom you purchased your Cert. In my case, it was Go daddy. Click on their name, and Click Export. Export as a Base-64 encoded X.509. Save the file with your other PEM files. Now go rename that file to Root.pem.

    7) Save Root.pem, Key.pem, Cert.pem in your CommitCRMdir\Webinterface folder. Go to CommmitWebInterface.ini, and change the SSL Port to whatever you want and Set SSL Required to Y.

    8) Restart the CommitCRM web interface service on your server and you should have SSL. You will need to connect to https:\\[fqdn]:[ssl port]

    Done!!

    Re: To get an SSL Cert on RangerMSP Web Interface

    Hi Luke,

    Thanks a lot for posting this.
    We'll make sure to research & update the documentation according to this.
    Thanks again :-)

    Reno Breen

    Comment


      Re: To get an SSL Cert on CommitCRM Web Interface

      Thank you very much for this post. I've been trying to get the thing to work for a few hours now.

      Comment


        Re: To get an SSL Cert on CommitCRM Web Interface

        Do you know what you are having problems with? Are you getting errors? I know it's a pain, I'll be glad to help you if I can!

        --Luke

        Comment


          Re: To get an SSL Cert on CommitCRM Web Interface

          I have been working on this issue for a few weeks now with no luck.

          We already have a wildcard cert we would like to use.

          How does that change the instructions?

          Comment


            Re: To get an SSL Cert on RangerMSP Web Interface

            nattivillin - I believe that it shouldn't affect it. Did you try with the other dll files we sent you by email?

            Comment


              Re: To get an SSL Cert on CommitCRM Web Interface

              I didnt, yet. I don't really like using "older" files.

              Especially when i'm fairly confident the error is on our end.

              Comment


                Re: To get an SSL Cert on RangerMSP Web Interface

                Nevertheless please give it a try and see how it goes. It will hopefully solve the issue.

                Comment


                  Re: To get an SSL Cert on CommitCRM Web Interface

                  Instructions for using free StartSSL.com Class 1 Cert .
                  1.) Sign up for an account at StartSSL.com to get free class1 SSL certs. You'll need to generate a personal key and install it to your browser to authenticate with the StartSSL.com website (cool, but beyond the scope of this document). Its clearly documented on their website.
                  1.) choose to create a web certificate.

                  2.) StartSSL will create an encrypted private key first. Be sure to make note of what you choose for a password. For Example 'abcdefghij' (You will need this in CommitCRM interface)
                  Download the encrypted private key and save it to your computer.

                  3.)Continue in StartSSL to request your certificate. There may be a delay of several hours but it usually comes very quick.

                  4.) While you are waiting, Go back to the StartSSL toolbox and choose to decrypt the private key you just created. CommitCRM can only use the decrypted version.
                  Save the decrypted key as key.pem

                  5.) The cert provided by StartSSL is already in .pem format. Simply save a copy with the .pem extension. (cert.crt -> cert.pem) Save it as .crt to import into your browser.

                  6.) You can get the root and and intermediate cerificate you need directly from StartSSL website in the toolbox area. It's already in PEM format so simply save it as PEM. (Note:you will need to install the intermediate key in your browser.

                  Note: You may want to try with a few test certs (test1.mycompany.com) because if you screw up, you might burn a good cert name like clients.mycompany.com.

                  Driving you crazy? PM me offline (search racassel) and I'll take care of it for you quick for tiny, tiny dollars. It cost me a day to get it down pat.
                  No one should be running CommitCRM Web without SSL!

                  Comment


                    Re: To get an SSL Cert on CommitCRM Web Interface

                    racassel please can you sort this for me? i am only stuck on importing the Go Daddy SSL i keep getting not trusted problem.

                    Comment


                      Re: To get an SSL Cert on RangerMSP Web Interface

                      racassel,

                      Thanks for another great contribution which we have also added to the wiki here.

                      Comment


                        Re: To get an SSL Cert on CommitCRM Web Interface

                        Does it only work if you import the cert? If you buy an actual cert does it work normally?

                        How much for you to do it for us?

                        Comment


                          Re: To get an SSL Cert on CommitCRM Web Interface

                          We looked into Start SSL a few years ago, but we didnt get approved because I didnt want to give my personal address. They also say this "could" be used for potential investors;

                          All fields are required! You must provide your correct and complete personal details during initial registration! Be advised, that we may check and verify the validity of the information submitted. Misleading and wrong information will result in the blocking of access and revocation of certificates! See also this FAQ entry for more information.
                          Privacy: The personal details may be used in part or in full in certificates or digital identities. They may be presented in a summarized form to potential investors and business partners, but not in details. We refrain from contacting you, except in cases relevant for the service we provide or for clarifications.

                          Am I the only one who has an issue with this? Just didn't seem worth it just to get a free Cert.

                          Comment

                          Working...
                          X