Purchased SSL Cert but can't attach to a website
I purchased a wildcard SSL cert from GoDaddy. I completed the email verification phase, then they provided me with a "generated-csr.txt" file and a "generated-private-key.txt" file. They then provided me with a zip file containing a .crt .pem and .p7b file. I followed their instructions - installed the .p7b file in the intermediate certification authority repository. I then did a complete certificate request as instructed and went to my websites binding and attempted to select the certificate which wasn't there.
I can see the cert in the web-hosting repository but without as has been mentioned a private key. I have a private key in the .txt file, but I don't know what to do with it.
Can someone please shed some light on where this process might have gone wrong?
Solution 1:
they provided me with a "generated-csr.txt" file and a "generated-private-key.txt" file
That seems quite wrong.
The standard process for requesting a certificate should be as follows:
- YOU generate a Certificate Signing Request.
- When creating the CSR, a private key is also generated and stored on your computer.
- You send the CSR to the Certification Authority.
- The CA approves the CSR and signs it.
- You import the answer from the CA in the same computer where you generated the CSR, on which the private key is stored.
- At this point, you have a complete and fully working certificate.
- The private key of the certificate never left your computer; not even the CA should have it.
If the CA sent you both the CSR and the private key, this is the very opposite of what should have happened.
There are several ways to combine the pieces you have into a working certificate; but the whole process appears to be completely botched and I wouldn't trust that certificate for anything.