Need help with generating SSL certificate csr

Web hosting discussion, programming, and shared and dedicated servers.
5 posts Page 1 of 1
by miclrk » Mon Feb 13, 2017 4:12 pm
Need help. We have been told by Sonic Support that we have to generate our own CSR for renewing our SSL certificate. We have been given NO, repeat NO, user instructions about how to do this, and Sonic phone support isn't helping worth a darn. I've been with Sonic for almost 20yrs and have never seen you folks be this unhelpful. So someone~anyone at Sonic Support knowledgable about CSR's, please, we need help out here in user-land. ~~ Thanks
by sonic guest » Mon Feb 13, 2017 10:48 pm
by joemuller » Tue Feb 14, 2017 10:47 am
You should not need a CSR for *renewing* a certificate, only creating a new one. Renewing is usually done by whichever company you purchased the SSL Cert from. If you have hosting with us, you can send the new SSL .crt files or .zip provided by your SSL vendor to support@sonic.net - be sure to note which account and domain the certificate is for, and we'll get it installed.

However, if by any chance you do need to generate a CSR, here's our documentation on how to do so: (you must have Shell Access turned on to log in):
https://wiki.sonic.net/wiki/Generate_a_CSR
I'm a proud employee of Sonic.net! :-)
by miclrk » Tue Feb 14, 2017 10:07 pm
Joe ~ thanks for replying, that was more useful than the many phonecalls I've endured with SonicTech staff,
who have mostly been doing the Sgt. Schultz "I know nothing" drill with me, very frustrating.

So..
* we are doing a renewal, but our third-party issuer insists on a fresh CSR from us this year, something to do with their security protocols.

* I have tried the Sonic/CSR (http://wiki.sonic.net/wiki/Generate_a_CSR) instructions, but it's not working.
When I execute the 'openssl' command, it returns an error "unknown option -nodes -keyout", so no go.
Because the instructions are 3/yrs old, I'm assuming that something has changed on Sonic systems such that the command will fail when tried.

* what I truly need is one competent Sonic person with previous CSR experience who can be on the phone with me for 10-15/mins
so that I can get this done before Friday/17th. That way this can all finish-up in real-time and be behind us.

* we will never ask this from Sonic again, we'll be moving to a different webhost in May.
I know Sonic is not a webhost company per se, so we'll take ourselves off your list for ever needing help again.

Thanks!
by drew.phillips » Wed Feb 15, 2017 11:17 am
Hi miclrk,

I was able to run the openssl command on shell.sonic.net without issue. It may be warning about those options if the command wasn't typed exactly right. Can you paste what you tried here?

While I normally wouldn't recommend using an online tool for this, I made an SSL cert generator a while back that you can use to generate a CSR and private key. You can try it here if you want. The reason you'd normally never want to use something like this for generating an SSL cert is because if I were dishonest and stored the CSR and key, I would have your private key, and later be able to get your cert from the site and potentially be able to decrypt intercepted traffic to your site. As mentioned on the page, I promise that the data is generated in memory and nothing from that tool is logged. If you use the tool, it's critical that you save the private key along with the CSR. The private key will need to be installed along with the new cert once it's issued.

Alternatively, you can copy the commands referenced there and run them from your computer if you use Mac OSX or Linux. For generating keys and CSR's, I typically use:

Code: Select all

openssl req -new -outform PEM -nodes -keyout server.key -newkey rsa:4096 -out server.csr
Drew Phillips
Programmer / System Operations, Sonic.net
5 posts Page 1 of 1

Who is online

In total there are 23 users online :: 0 registered, 0 hidden and 23 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 23 guests