Install SSL Certificate from GoDaddy

robwarren · May 26, 2017, 5:36pm

Hello,

I recently struggled to get an SSL certificate installed which I had purchased from GoDaddy.

Following this KB article was very helpful until it got to the part where I needed to import the certificates.
https://inductiveautomation.com/news/how-install-genuine-ssl-certificate

GoDaddy did not provide me the Root Certificate in my original download.

To get the root certificate go to the cert repository located here:
https://certs.godaddy.com/repository/

The Root Certificate is: gdroot-g2.crt

The Intermediate Certificate is: gdig2.crt

and the “Server’s Certificate” is: some_16_character_ hexstring_ filename.crt

Using these file names with the old KB article worked for me. Thanks to inductive support for working through this with me.

robwarren · June 21, 2019, 2:41pm

Hello,
My Certificate expired, so I had to update it with a new “Server Certificate” which godaddy automatically issued.
I tried to go in and delete the tomcat alias cert with keytool -delete and then add the newly issued cert, but that didn’t work.

So, I just ran through the entire process again, and had GoDaddy Re-Key the certificate. This was a pain in the butt since it took them several hours to verify everything.
Once I did that, everything worked perfectly.

All of this to say, THIS TIME: I kept a copy of my original ssl.key BEFORE adding in any of the certificates. So, hopefully in 2 years when this happens again, I can just take a copy of that file and add the 3 cert files.

Best of luck to everyone dealing with certs!

Kevin.Herron · June 21, 2019, 2:44pm

The new SSL certificate flow in Ignition 8 makes generating a CSR or installing an existing certificate much easier than it used to be.

The next release should also explicitly support the certificate renewal workflow as well.

pturmel · June 21, 2019, 4:05pm

I was recently tempted to do a module for this on my own – glad I won’t be duplicating the effort. It would be nice if it supported Let’s Encrypt auto-renewals… (-:

Kevin.Herron · June 21, 2019, 4:06pm

It doesn't, but it's something we're aware of.

It's not a priority because in order to use Let's Encrypt your gateway must be reachable over the internet.

robwarren · June 21, 2019, 7:01pm

I would like to point out again that with Perspective, many more people are going to be making at least some of their projects available externally.

robwarren · May 25, 2021, 9:49pm

Well, here we are 2 years later, and everything is changed. But it’s SO much easier now.

Go to: Gateway → Config → Networking → Web Server
Then: SSL/TLS → View Details button
Then: Upload Trusted CA-signed SSL Certificate (Link at the bottom)

Now you just have to drag and drop your new server, then intermediate, then root file (In that order) into the boxes.

Don’t worry about any kind of a new CSR or anything like that.

Hip-Hip-Hooray for IA!

Kevin.Herron · May 25, 2021, 9:52pm

Yes, and we also support Let’s Encrypt now too