Topic: thawte certificate installation

[billmakr]

I am trying to install a thawte certificate on my v7.51 sme server. I tried following the how to listed in the HowTo section but it errors out when I get to the execute the file with this output:

[root@inetserver cacert]# ./cacert_csr_request
No such class keycrypt at ./cacert_csr_request line 9, near "my keycrypt"
syntax error at ./cacert_csr_request line 9, near "my keycrypt ="
No such class KEYLIFEINDAYS at ./cacert_csr_request line 10, near "my KEYLIFEIND                                             AYS"
No such class COUNTRYCODE at ./cacert_csr_request line 11, near "my COUNTRYCODE"
Global symbol "$keycrypt" requires explicit package name at ./cacert_csr_request                                              line 24.
Global symbol "$COUNTRYCODE" requires explicit package name at ./cacert_csr_requ                                             est line 29.
Global symbol "$keycrypt" requires explicit package name at ./cacert_csr_request                                              line 54.
Execution of ./cacert_csr_request aborted due to compilation errors.
[root@inetserver cacert]# [root@inetserver cacert]# chmod u+x cacert_csr_request
[root@inetserver cacert]# ./cacert_csr_request
No such class keycrypt at ./cacert_csr_request line 9, near "my keycrypt"
syntax error at ./cacert_csr_request line 9, near "my keycrypt ="
-bash: [root@inetserver: command not found
No such class KEYLIFEINDAYS at ./cacert_csr_request line 10, near "my KEYLIFEIND                                             AYS"
No such class COUNTRYCODE at ./cacert_csr_request line 11, near "my COUNTRYCODE"
Global symbol "$keycrypt" requires explicit package name at ./cacert_csr_request                                              line 24.
[root@inetserver cacert]# [root@inetserver cacert]# ./cacert_csr_request
-bash: [root@inetserver: command not found
[root@inetserver cacert]# No such class keycrypt at ./cacert_csr_request line 9,                                              near "my keycrypt"
-bash: No: command not found
[root@inetserver cacert]# syntax error at ./cacert_csr_request line 9, near "my                                              keycrypt ="
-bash: syntax: command not found
[root@inetserver cacert]# No such class KEYLIFEINDAYS at ./cacert_csr_request li                                             ne 10, near "my KEYLIFEINDAYS"
-bash: No: command not found
[root@inetserver cacert]# No such class COUNTRYCODE at ./cacert_csr_request line                                              11, near "my COUNTRYCODE"
-bash: No: command not found
[root@inetserver cacert]# Global symbol "$keycrypt" requires explicit package na                                             me at ./cacert_csr_request line 24.
-bash: Global: command not found
[root@inetserver cacert]# Global symbol "$COUNTRYCODE" requires explicit package                                              name at ./cacert_csr_request line 29.
-bash: Global: command not found
[root@inetserver cacert]# Global symbol "$keycrypt" requires explicit package na                                             me at ./cacert_csr_request line 54.
-bash: Global: command not found
[root@inetserver cacert]# Execution of ./cacert_csr_request aborted due to compi                                             lation errors.
-bash: Execution: command not found
[root@inetserver cacert]# [root@inetserver cacert]#
-bash: [root@inetserver: command not found
[root@inetserver cacert]# No such class keycrypt at ./cacert_csr_request line 9, near "my keycrypt"
No such class KEYLIFEINDAYS at ./cacert_csr_request line 10, near "my KEYLIFEIND                                             AYS"
No such class COUNTRYCODE at ./cacert_csr_request line 11, near "my COUNTRYCODE"
Global symbol "$keycrypt" requires explicit package name at ./cacert_csr_request                                              line 24.
-bash: No: command not found
Global symbol "$COUNTRYCODE" requires explicit package name at ./cacert_csr_requ                                             est line 29.
Global symbol "$keycrypt" requires explicit package name at ./cacert_csr_request                                              line 54.
Execution of ./cacert_csr_request aborted due to compilation errors.
[root@inetserver cacert]# [root@inetserver cacert]# chmod u+x cacert_csr_request
[root@inetserver cacert]# ./cacert_csr_request
No such class keycrypt at ./cacert_csr_request line 9, near "my keycrypt"
[root@inetserver cacert]# syntax error at ./cacert_csr_request line 9, near "my keycrypt ="
[root@inetserver cacert]# Global symbol "$keycrypt" requires explicit package na                                             me at ./cacert_csr_request line 24.
-bash: Global: command not found
[root@inetserver cacert]# Global symbol "$COUNTRYCODE" requires explicit package                                              name at ./cacert_csr_request line 29.
-bash: Global: command not found
[root@inetserver cacert]# Global symbol "$keycrypt" requires explicit package na                                             me at ./cacert_csr_request line 54.
-bash: Global: command not found
-bash: syntax: command not found
[root@inetserver cacert]# No such class KEYLIFEINDAYS at ./cacert_csr_request line 10, near "my KEYLIFEIND                                             AYS"
-bash: No: command not found
[root@inetserver cacert]# Execution of ./cacert_csr_request aborted due to compi                                             lation errors.
-bash: Execution: command not found
[root@inetserver cacert]# [root@inetserver cacert]#
-bash: [root@inetserver: command not found
[root@inetserver cacert]#
[root@inetserver cacert]# No such class COUNTRYCODE at ./cacert_csr_request line 11, near "my COUNTRYCODE"
-bash: No: command not found
[root@inetserver cacert]# Global symbol "$keycrypt" requires explicit package name at ./cacert_csr_request                                              line 24.
-bash: Global: command not found
[root@inetserver cacert]# Global symbol "$COUNTRYCODE" requires explicit package name at ./cacert_csr_requ                                             est line 29.
-bash: Global: command not found
[root@inetserver cacert]# Global symbol "$keycrypt" requires explicit package name at ./cacert_csr_request                                              line 54.
-bash: Global: command not found
[root@inetserver cacert]# Execution of ./cacert_csr_request aborted due to compilation errors.
-bash: Execution: command not found
[root@inetserver cacert]# [root@inetserver cacert]# [root@inetserver cacert]# chmod u+x cacert_csr_request
-bash: [root@inetserver: command not found
[root@inetserver cacert]# [root@inetserver cacert]# ./cacert_csr_request
-bash: [root@inetserver: command not found
[root@inetserver cacert]# No such class keycrypt at ./cacert_csr_request line 9, near "my keycrypt"
-bash: No: command not found
[root@inetserver cacert]# syntax error at ./cacert_csr_request line 9, near "my keycrypt ="
-bash: syntax: command not found
[root@inetserver cacert]# -bash: [root@inetserver: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# No such class KEYLIFEINDAYS at ./cacert_csr_request line 10, near "my KEYLIFEIND                                             AYS"
-bash: No: command not found
[root@inetserver cacert]# No such class COUNTRYCODE at ./cacert_csr_request line 11, near "my COUNTRYCODE"
-bash: No: command not found
[root@inetserver cacert]# Global symbol "$keycrypt" requires explicit package name at ./cacert_csr_request                                              line 24.
-bash: Global: command not found
[root@inetserver cacert]# [root@inetserver cacert]# [root@inetserver cacert]# ./cacert_csr_request
-bash: [root@inetserver: command not found
[root@inetserver cacert]# -bash: [root@inetserver: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# [root@inetserver cacert]# No such class keycrypt at ./cacert_csr_request line 9,                                              near "my keycrypt"
-bash: [root@inetserver: command not found
[root@inetserver cacert]# -bash: No: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# [root@inetserver cacert]# syntax error at ./cacert_csr_request line 9, near "my                                              keycrypt ="
-bash: [root@inetserver: command not found
[root@inetserver cacert]# -bash: syntax: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# [root@inetserver cacert]# No such class KEYLIFEINDAYS at ./cacert_csr_request li                                             ne 10, near "my KEYLIFEINDAYS"
-bash: [root@inetserver: command not found
[root@inetserver cacert]# -bash: No: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# [root@inetserver cacert]# No such class COUNTRYCODE at ./cacert_csr_request line                                              11, near "my COUNTRYCODE"
-bash: [root@inetserver: command not found
[root@inetserver cacert]# -bash: No: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# [root@inetserver cacert]# Global symbol "$keycrypt" requires explicit package na                                             me at ./cacert_csr_request line 24.
-bash: [root@inetserver: command not found
[root@inetserver cacert]# -bash: Global: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# [root@inetserver cacert]# Global symbol "$COUNTRYCODE" requires explicit package                                              name at ./cacert_csr_request line 29.
-bash: [root@inetserver: command not found
[root@inetserver cacert]# -bash: Global: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# [root@inetserver cacert]# Global symbol "$keycrypt" requires explicit package na                                             me at ./cacert_csr_request line 54.
-bash: [root@inetserver: command not found
[root@inetserver cacert]# -bash: Global: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# [root@inetserver cacert]# Execution of ./cacert_csr_request aborted due to compi                                             lation errors.
-bash: [root@inetserver: command not found
[root@inetserver cacert]# -bash: Execution: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# [root@inetserver cacert]# [root@inetserver cacert]#
-bash: [root@inetserver: command not found
[root@inetserver cacert]# -bash: [root@inetserver: command not found
-bash: -bash:: command not found
[root@inetserver cacert]# [root@inetserver cacert]#
-bash: [root@inetserver: command not found
[root@inetserver cacert]#


  Any help is appreciated. I have tried to find an accurate how to for this but have come up empty for one that works.

Thank you for your help.

[janet]

billmakr

Maybe this might give more clues as to the correct process to follow:

http://wiki.contribs.org/Certificates_Concepts#Commercial_certificates
or this
http://wiki.contribs.org/Certificate_Integration_startssl.com_Server_Certificate
or this
http://wiki.contribs.org/Certificates_signed_by_own_CA

Have you extensively searched the forums for thawte as there have been numerous posts re installing commercial certificates. Also did you follow install advice from thawte ?

When you are successful please create a Howto article specifically for thawte certificates. You can post the steps you used back here and someone will assist if you cannot do it (create the Howto) yourself.

[cactus]

According to the history of the page someone has altered the script, and probably did not test properly. For know as a quick fix download the version from the revision before the alterations, perhaps that might work:

http://wiki.contribs.org/index.php?title=Custom_CA_Certificate&oldid=14766

[cactus]

In the mean time I have reverted the offensive changes so the latest version on the wiki should work again, at least it runs without the failures mentioned here.

[Jean-Philippe Pialasse]

Sorry i am responsible for this noise. Some typo error copying the correction by hand. I will make a new version and double check it


JP Pialasse

[Jean-Philippe Pialasse]

Updated !

There is still place for improvement as a certificate file might need more information about the entity,  but as far as i have reached this is the more thing i have been asked to give.

reference for rows that might be asked for configuring your certificate : http://www.flatmtn.com/article/setting-openssl-create-certificates

[billmakr]

thanks for the help so far but no success. I did indeed look for information in the forum but see no information that seems to work. I did look at all references made by Mary and from thawte. No problems generating the key using the openssl instructions for apache server. The .csr and .key file were created and then csr submitted to thawte. The crt was downloaded from thawte and inserted into the .crt file on SME without problems. Gave the set config pro commands,post upgrade, and poet reboot commands as directed, and all went well. The website was now no longer on line and became unreachable untill I reset the back to the generated files created at each reboot. I would be grateful if someone could give further exact instructions on what I might be doing wrong. I have never had such trouble getting a certificate working on any other production platform. It seems to me, that with all the concerns about security that users are forced to use https for e-mail the there should be the same concern about instructions/functions to get an ssl cert installed and working.


Thanks

[Jean-Philippe Pialasse]

Hello,

The crt was downloaded from thawte and inserted into the .crt file on SME without problems. Gave the set config pro commands,post upgrade, and poet reboot commands as directed, and all went well. The website was now no longer on line and became unreachable untill I reset the back to the generated files created at each reboot.


Thanks

Reading you, the problem seems to be with the way you inserted the newly generated certificate in your server.
Normaly i would:
- copy the .key in /home/e-smith/ssl.key
- copy the .cst generated from the website  into /home/e-smith/ssl.crt
- finaly i would copy the  chain file given from the CA authority (if they give one) : to /home/e-smith/ssl.crt/ too

then you have to create into db configuration modSSL the keys (with the complete path to the three files  - or two-):
CertificateChainFile
crt
key

finally reconfigure and reboot ... all this is clearly written ont the wiki http://wiki.contribs.org/Custom_CA_Certificate.

as you gave us no log from your server i can only guess that you tried to merge two files ("inserted into the") and httpd did not start because of a bad ssl file
If your web service is unreachable read the log from /var/log/httpd/error_log and give us some clue as we do not have a magic ball.