Hi Mysterious,

Thanks for the link to the youtube video. However, the steps demonstrated do not match up with the steps in the admin guide. Not to worry, I gave it a go anyway. I tried to import the SSL certificate by selecting my new self-signed certificate then selecting from the file menu Certification Request->Import CA Reply.

I received the following error: No certificates were found in the supplied CA reply.

Do I need the chain certificates?
Am I missing something?

regards
Alan



>>> Mysterious<Mysterious@heaven.com> 22/8/2017 6:07 PM >>>

On 08/22/2017 09:47 AM, Alan Lew wrote:

> Hi All,
> I have a problem with importing an SSL to my Iprint Appliance 2.1 HP 79
> I'm receiving the following error when attempting the import of the ssl
> certificate: "No certificates were found in the imported file."
> Here's what I have done:
> 1. created a new self-sign server certificate as per 9.4.3 of the admin
> guide
> 2. activated the certificate and restarted the appliance
> 3. generated a CSR using the new self-signed certificate
> 4. submit my request for an SSL
> 5. upon receiving the certificate (crt format) I follow 9.4.7 of the
> guide to convert it to pfx format.
> I think the problem is the conversion step. The example of the certman
> command references 3 files needed for the conversion:
> 1. third part certificate
> 2. the key file
> 3. the chain certificate file
> Is the key file "vaserver.key" located at /vastorage/conf/certs/?
> And is the chain file vachain.crt or vaserver.pem also located at
> /vastorage/conf/certs/?
> If not where might I find the files.
> I did not receive a chain file from the CA when requesting the SSL.
> Thanks for your assistance.
> regards
> Alan


https://www.youtube.com/watch?v=0AZp-dwEbT4

On 08/23/2017 02:00 PM, Alan Lew wrote:
> Hi Mysterious,
> Thanks for the link to the youtube video. However, the steps
> demonstrated do not match up with the steps in the admin guide. Not to
> worry, I gave it a go anyway. I tried to import the SSL certificate by
> selecting my new self-signed certificate then selecting from the file
> menu Certification Request->Import CA Reply.
> I received the following error: No certificates were found in the
> supplied CA reply.
> Do I need the chain certificates?
> Am I missing something?
> regards
> Alan
>
> >>> Mysterious<Mysterious@heaven.com> 22/8/2017 6:07 PM >>>
> On 08/22/2017 09:47 AM, Alan Lew wrote:
> > Hi All,
> > I have a problem with importing an SSL to my Iprint Appliance 2.1 HP 79
> > I'm receiving the following error when attempting the import of the ssl
> > certificate: "No certificates were found in the imported file."
> > Here's what I have done:
> > 1. created a new self-sign server certificate as per 9.4.3 of the admin
> > guide
> > 2. activated the certificate and restarted the appliance
> > 3. generated a CSR using the new self-signed certificate
> > 4. submit my request for an SSL
> > 5. upon receiving the certificate (crt format) I follow 9.4.7 of the
> > guide to convert it to pfx format.
> > I think the problem is the conversion step. The example of the certman
> > command references 3 files needed for the conversion:
> > 1. third part certificate
> > 2. the key file
> > 3. the chain certificate file
> > Is the key file "vaserver.key" located at /vastorage/conf/certs/?
> > And is the chain file vachain.crt or vaserver.pem also located at
> > /vastorage/conf/certs/?
> > If not where might I find the files.
> > I did not receive a chain file from the CA when requesting the SSL.
> > Thanks for your assistance.
> > regards
> > Alan
>
> https://www.youtube.com/watch?v=0AZp-dwEbT4
>
>

it looks like the CA authority that signed the cert did not send you all
files.
a .crt file can be the public key of the CA but you should get another
..crt file (public server certificate) and a .pem file (private server
certificate).
At least this is how VeriSign does it. Then you can use certman.sh or
openssl command to convert onto pfx

The vaserver.key is just used as an example on the docs. And at the
beginning says:

If you plan to use a third party certificate instead of the self-signed
certificate, you need to meet the following prerequisites:

Server certificate signed by CA

Private key

Chain certificates

So it looks like you did not get all files from CA authority signing the
cert.

Thanks Mysterious,

I'll speak to our Security team who submitted the request on my behalf to check with the CA.

regards
Alan


>>> Mysterious<Mysterious@heaven.com> 23/8/2017 10:17 PM >>>

On 08/23/2017 02:00 PM, Alan Lew wrote:

> Hi Mysterious,
> Thanks for the link to the youtube video. However, the steps
> demonstrated do not match up with the steps in the admin guide. Not to
> worry, I gave it a go anyway. I tried to import the SSL certificate by
> selecting my new self-signed certificate then selecting from the file
> menu Certification Request->Import CA Reply.
> I received the following error: No certificates were found in the
> supplied CA reply.
> Do I need the chain certificates?
> Am I missing something?
> regards
> Alan
>

> >>> Mysterious<Mysterious@heaven.com> 22/8/2017 6:07 PM >>>

> On 08/22/2017 09:47 AM, Alan Lew wrote:

> > Hi All,
> > I have a problem with importing an SSL to my Iprint Appliance 2.1 HP 79
> > I'm receiving the following error when attempting the import of the ssl
> > certificate: "No certificates were found in the imported file."
> > Here's what I have done:
> > 1. created a new self-sign server certificate as per 9.4.3 of the admin
> > guide
> > 2. activated the certificate and restarted the appliance
> > 3. generated a CSR using the new self-signed certificate
> > 4. submit my request for an SSL
> > 5. upon receiving the certificate (crt format) I follow 9.4.7 of the
> > guide to convert it to pfx format.
> > I think the problem is the conversion step. The example of the certman
> > command references 3 files needed for the conversion:
> > 1. third part certificate
> > 2. the key file
> > 3. the chain certificate file
> > Is the key file "vaserver.key" located at /vastorage/conf/certs/?
> > And is the chain file vachain.crt or vaserver.pem also located at
> > /vastorage/conf/certs/?
> > If not where might I find the files.
> > I did not receive a chain file from the CA when requesting the SSL.
> > Thanks for your assistance.
> > regards
> > Alan

>
> https://www.youtube.com/watch?v=0AZp-dwEbT4
>
>


it looks like the CA authority that signed the cert did not send you all
files.
a .crt file can be the public key of the CA but you should get another
.crt file (public server certificate) and a .pem file (private server
certificate).
At least this is how VeriSign does it. Then you can use certman.sh or
openssl command to convert onto pfx

The vaserver.key is just used as an example on the docs. And at the
beginning says:

If you plan to use a third party certificate instead of the self-signed
certificate, you need to meet the following prerequisites:

Server certificate signed by CA

Private key

Chain certificates

So it looks like you did not get all files from CA authority signing the
cert.

Hi All,

Sorry to be a pain, I got caught up with a fleet rollout and office relocation and have only just got back to looking at this.

Following on from what Mysterious has mentioned, I need:

1. Server certificate signed by CA - this I have rec'd
2. Private key - according to the iprint doco (section 8.4, under terminology) the key file is automatically generated when creating the CSR. So when might I file this file?
3. Chain certificates - according to my security who submit the request to the CA, the chain certificates (root and intermediate) are already included in the sign server certificate.

So I'm missing the Private Key file. Any idea where this might have been saved when created?

regards
Alan


>>> Mysterious<Mysterious@heaven.com> 23/8/2017 10:17 PM >>>

On 08/23/2017 02:00 PM, Alan Lew wrote:

> Hi Mysterious,
> Thanks for the link to the youtube video. However, the steps
> demonstrated do not match up with the steps in the admin guide. Not to
> worry, I gave it a go anyway. I tried to import the SSL certificate by
> selecting my new self-signed certificate then selecting from the file
> menu Certification Request->Import CA Reply.
> I received the following error: No certificates were found in the
> supplied CA reply.
> Do I need the chain certificates?
> Am I missing something?
> regards
> Alan
>

> >>> Mysterious<Mysterious@heaven.com> 22/8/2017 6:07 PM >>>

> On 08/22/2017 09:47 AM, Alan Lew wrote:

> > Hi All,
> > I have a problem with importing an SSL to my Iprint Appliance 2.1 HP 79
> > I'm receiving the following error when attempting the import of the ssl
> > certificate: "No certificates were found in the imported file."
> > Here's what I have done:
> > 1. created a new self-sign server certificate as per 9.4.3 of the admin
> > guide
> > 2. activated the certificate and restarted the appliance
> > 3. generated a CSR using the new self-signed certificate
> > 4. submit my request for an SSL
> > 5. upon receiving the certificate (crt format) I follow 9.4.7 of the
> > guide to convert it to pfx format.
> > I think the problem is the conversion step. The example of the certman
> > command references 3 files needed for the conversion:
> > 1. third part certificate
> > 2. the key file
> > 3. the chain certificate file
> > Is the key file "vaserver.key" located at /vastorage/conf/certs/?
> > And is the chain file vachain.crt or vaserver.pem also located at
> > /vastorage/conf/certs/?
> > If not where might I find the files.
> > I did not receive a chain file from the CA when requesting the SSL.
> > Thanks for your assistance.
> > regards
> > Alan

>
> https://www.youtube.com/watch?v=0AZp-dwEbT4
>
>


it looks like the CA authority that signed the cert did not send you all
files.
a .crt file can be the public key of the CA but you should get another
.crt file (public server certificate) and a .pem file (private server
certificate).
At least this is how VeriSign does it. Then you can use certman.sh or
openssl command to convert onto pfx

The vaserver.key is just used as an example on the docs. And at the
beginning says:

If you plan to use a third party certificate instead of the self-signed
certificate, you need to meet the following prerequisites:

Server certificate signed by CA

Private key

Chain certificates

So it looks like you did not get all files from CA authority signing the
cert.

On 18-12-17 02:49, Alan Lew wrote:
> Hi All,
> Sorry to be a pain, I got caught up with a fleet rollout and office
> relocation and have only just got back to looking at this.

It will be easier and faster if you upgrade the appliance to version
3.1. It has a new certificate tool where you just drag and drop them and
if something is missing, it will tell you.

https://www.novell.com/documentation/iprint-appliance-3/iprint_admin/data/app_config.html#certificates

Path to upgrade:

1. Deploy a new 3.0 appliance using same name, ip address and hostname
as the current 2.1
2. Register the new 3.0 appliance into the channel and upgrade to 3.1
3. Apply 3.1 patches thru the channel
4. Perform migration from 2.1

After finish see link above to add the third party certificate