I have uploaded my own SSL wildcard certificate using the instructions at:
I have updated UI and changed the consoleproxy.url.domain in Global Settings.
However, browsers are still giving certificate errors showing
"The certificate is only valid for the following names: *.realhostip.com, realhostip.com"
When I generated my csr and purchased a wildcart cert I used my own domain name but browsers are still picking up realhostip info.
I've also tried destorying the console proxy VM and including both intermediate certs when updating SSL through the UI.
Thanks.
Try following the procedure listed here, http://support.citrix.com/article/CTX133468
Thanks for info Somesh.
I came across that guide before and tried to upload my SSL cert through the API. However, I kept getting the error
"Unable to execute API command uploadcustomcertificate due to missing parameter certificate"
My API call looks like this:
curl http://localhost:8096/client/api?command=uploadCustomCertificate&id=1&name=root1&domainsuffix=mydomain.com&certificate=-----BEGIN%20CERTIFICATE%20REQUEST-----<rootcertificate>-----END%20CERTIFICATE%20REQUEST-----
The command looks exactly like the guide but it keeps giving the missing parameter error.
Thanks.
Edited by Ravi Bandara, 06 February 2015 - 08:19 PM.
Can you make sure you are uploading the correct root certificate? The reason I ask is I see text like "certificate request".
That's one thing I've never been able to find a clear answer on.
I have the following:
- private key
- csr generated from private key
- certificate from RapidSSL generated using csr
- primary and secondary intermediate CA from RapidSSL
- PKCS#8 Private Key
Which one am I supposed to be using? I've tried URL encoded versions of all of them, except the intermediate keys, in the API call but keep getting the missing parameter error.
Edited by Ravi Bandara, 06 February 2015 - 09:21 PM.
You need CA's root certificate. Check with RapidSSL, they should help you in getting the root and intermediate certificates.
Thanks, I will contact RapidSSL and proceed from there.
I got in contact with RapidSSL and provided the link to download their CA root certificated.
I was able to fix my original issue by uploading the certs again using the UI. Now the browsers I've tested with (Chrome, IE, Firefox) no longer see realhostip.com.
However, with the correct CA root cert, I was still not able to upload it via the API.
I still keep getting the missing parameter error.
This is why my API call looks like in full (with the domain edited out)
I was using an online tool for URL encoding (http://meyerweb.com/eric/tools/dencoder/) but it looked to be encoding correctly.
Thanks for the point in the right direction. My original issue is resolved but was never able to upload via API.
Ask, Discuss, Answer
