|
|
|||
|
|||
|
Ok, since there is hardly any documenation on how to do this inCommitCRM... Here's how.. Please note, this may be the blind leading the blind, but hopefully it will save someone some time.
Here is CommitCRM's official documentation: Note that in the instructions, anything in [] should be replaced with your own variables. Also, in CommitCRM's documentation, the process they describe about importing your certifcate and exporting did not work for me. But maybe I did something wrong, your mileage may vary! :) To get an SSL Cert on CommitCRM Web Interface: 1) Download openssl.exe here. Save it in a folder on your desktop. 2) Create a custom config file for openssl and save it in the save directory openssl.exe is in. Instructions on doing that are here: (step 4) http://www.flatmtn.com/article/setti...e-certificates Maybe there's an easier way but that is the only way I could figure out. 3) Open a command prompt and "cd" to the directory openssl is in. Run this command: openssl req -new -newkey rsa:2048 -nodes -out FQDN.csr -keyout Key.key -subj "/C=[COUNTRY ABREVIATION HERE]/ST=[2 DIGIT STATE ABBRIATION HERE]/L=[CITY HERE]/O=[ORGANIZATION NAME HERE]/CN=[FULLY QUALIFIED DOMAIN NAME HERE]" -config "opensslconf.cnf" Where opensslconf.cnf is the path to the config file you created in step 2. This will create the csr request to give to your Certificate Authority. (I used godaddy, $29/ year) Take note of the file that is created called Key.key. You are going to need this. 4) Submit the CSR to your athority and then you should get the certificate back. Mine came in a *.crt format. This will have to be converted. 5) Convert the certificate from a *.crt format to a *.pem format that CommitCRM needs. Run this command: openssl x509 -in [PATH TO CERT FROM CA].crt -out input.der -outform DER And this command: openssl x509 -in input.der -inform DER -out Cert.pem -outform PEM 6) You now have the Key.pem (created in step 3) and the Cert.pem (created in step 5). Last we need the Root.pem. To get that, go to Internet Explorer -> Tools -> Internet Options -> Content -> Certificates -> Trusted Root Certifcation Authorities Tab. Find the CA in the list from whom you purchased your Cert. In my case, it was Go daddy. Click on their name, and Click Export. Export as a Base-64 encoded X.509. Save the file with your other PEM files. Now go rename that file to Root.pem. 7) Save Root.pem, Key.pem, Cert.pem in your CommitCRMdir\Webinterface folder. Go to CommmitWebInterface.ini, and change the SSL Port to whatever you want and Set SSL Required to Y. 8) Restart the CommitCRM web interface service on your server and you should have SSL. You will need to connect to https:\\[fqdn]:[ssl port] Done!! |
|
|
|||
|
|||
|
Instructions for using free StartSSL.com Class 1 Cert .
1.) Sign up for an account at StartSSL.com to get free class1 SSL certs. You'll need to generate a personal key and install it to your browser to authenticate with the StartSSL.com website (cool, but beyond the scope of this document). Its clearly documented on their website. 1.) choose to create a web certificate. 2.) StartSSL will create an encrypted private key first. Be sure to make note of what you choose for a password. For Example 'abcdefghij' (You will need this in CommitCRM interface) Download the encrypted private key and save it to your computer. 3.)Continue in StartSSL to request your certificate. There may be a delay of several hours but it usually comes very quick. 4.) While you are waiting, Go back to the StartSSL toolbox and choose to decrypt the private key you just created. CommitCRM can only use the decrypted version. Save the decrypted key as key.pem 5.) The cert provided by StartSSL is already in .pem format. Simply save a copy with the .pem extension. (cert.crt -> cert.pem) Save it as .crt to import into your browser. 6.) You can get the root and and intermediate cerificate you need directly from StartSSL website in the toolbox area. It's already in PEM format so simply save it as PEM. (Note:you will need to install the intermediate key in your browser. Note: You may want to try with a few test certs (test1.mycompany.com) because if you screw up, you might burn a good cert name like clients.mycompany.com. Driving you crazy? PM me offline (search racassel) and I'll take care of it for you quick for tiny, tiny dollars. It cost me a day to get it down pat. No one should be running CommitCRM Web without SSL! |
|
|
|||
|
|||
|
|
|
|
|||
|
|||
|
We looked into Start SSL a few years ago, but we didnt get approved because I didnt want to give my personal address. They also say this "could" be used for potential investors;
All fields are required! You must provide your correct and complete personal details during initial registration! Be advised, that we may check and verify the validity of the information submitted. Misleading and wrong information will result in the blocking of access and revocation of certificates! See also this FAQ entry for more information. Privacy: The personal details may be used in part or in full in certificates or digital identities. They may be presented in a summarized form to potential investors and business partners, but not in details. We refrain from contacting you, except in cases relevant for the service we provide or for clarifications. Am I the only one who has an issue with this? Just didn't seem worth it just to get a free Cert. |