Renewing SSL cert

For discussion of the Poker Mavens server module and other administration topics
Post Reply
naked_eskimo
Posts: 123
Joined: Wed Jan 07, 2015 3:51 pm

Renewing SSL cert

Post by naked_eskimo »

Hi all, I purchased a cert last year using the FAQ article on this site. I ended up with a PositiveSSL cert, but after that it's a bit confusing. I am not sure if the reseller was Commodo or Sectigo? I see all three names on my original invoices/purchase order. So, it's a bit confusing whom to renew this cert through.

I have been getting reminders directly from PositiveSSL, and no one else. So I processed one and the cheapest yearly option I could find at PositiveSSL was $75. But I only paid $16.95 originally for the cert.

Has anyone renewed a cert that they purchased by following the directions on this site? I'm confused as to what route I should take, and why I am only getting a renewal notice directly from PositiveSSL. I am not looking to pay $75 USD for a renewal.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: Renewing SSL cert

Post by Kent Briggs »

Commodo is now calling themselves Sectigo. First check to see when your current SSL cert actually expires. Connect to your site using Chrome and then click the little padlock icon next to the URL. Click Certificate and then look at the "Valid to" date. You can get an SSL cert for under $9/year. I link to one here:

http://www.briggsoft.com/docs/pmavens/Utilities.htm#ssl
naked_eskimo
Posts: 123
Joined: Wed Jan 07, 2015 3:51 pm

Re: Renewing SSL cert

Post by naked_eskimo »

Thanks. I did the renewal with a new CSR and a new key file. I validated after purchase and have received my new cert, but I can't get it to work in PM.

I changed the settings to point to the new key and cert file, but left root certificate the same as previous. I did not receive a bundle file like when I originally purchased the cert last year. But when I try to load the cert, I get:

Could not load certificate. error:0906D06C: PEM routines:PEM_read_bio:n start line.

Any suggestions, perhaps?


Thank you.
naked_eskimo
Posts: 123
Joined: Wed Jan 07, 2015 3:51 pm

Re: Renewing SSL cert

Post by naked_eskimo »

When I try to double click the .cer file that I received, I get an error stating the file is invalid for use as the following: Security Certificate.

I chose IIS 5.x or later for cert type. Was that incorrect? When viewing the cert as a text file, it starts as a PKCS7 file..if that's important.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: Renewing SSL cert

Post by Kent Briggs »

naked_eskimo wrote:Could not load certificate. error:0906D06C: PEM routines:PEM_read_bio:n start line.
Often they'll give you cert files with Linux line terminators whereas OpenSSL expects Windows line terminators (which includes both a carriage return and a line feed character). You can convert them using NotePad++ (a freeware text editor):

https://notepad-plus-plus.org/

Edit -> EOL Conversion -> Windows
naked_eskimo
Posts: 123
Joined: Wed Jan 07, 2015 3:51 pm

Re: Renewing SSL cert

Post by naked_eskimo »

Thank you for the response.

The EOL option for Windows is greyed out. I'm assuming because it's already in the right format?
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: Renewing SSL cert

Post by Kent Briggs »

naked_eskimo wrote:The EOL option for Windows is greyed out. I'm assuming because it's already in the right format?
You can email me your files and I'll look at them.
naked_eskimo
Posts: 123
Joined: Wed Jan 07, 2015 3:51 pm

Re: Renewing SSL cert

Post by naked_eskimo »

Thank you.

Email sent.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: Renewing SSL cert

Post by Kent Briggs »

Your cert was in P7b/PKCS7 format and Poker Mavens (via OpenSSL) requires PEM format. But you can easily make the conversion at this web site:

https://www.sslshopper.com/ssl-converter.html

You may still need to do the Windows EOL conversion on it (using NotePad++) after the conversion.
naked_eskimo
Posts: 123
Joined: Wed Jan 07, 2015 3:51 pm

Re: Renewing SSL cert

Post by naked_eskimo »

Thank you, Kent.

The cert is now useable.
Post Reply