Signiant Support

Generating and Importing Comodo certificates using the Signiant supplied script.


Question:

How do I use the Signiant supplied script "sig_ssl_script" to generate and import a Comodo Certificate Signing Request (CSR)?
 


Answer:

Signiant works with the certificate authority Comodo to supply globally recognized certificates to Signiant Managers and Signiant Media Exchange Web Servers. Signiant has created a user-friendly script that automates the process of generating a Comodo CSR and importing Comodo certificates. Please refer to the resolution below for the full details.

The sig_ssl_script is attached to this article.  Be sure to run the script on the machine you are obtaining the certificate for.  The procedure requires 2 steps:

  1. Generating a Certificate Signing Request (CSR)
  2. Importing the Certificates into the Signiant Manager or Signiant Media Exchange Web Server keystore.

1. Generating a Certificate Signing Request (CSR).

To generate a CSR, you will need to execute the sig_ssl_cert_yyyymmdd.pl script (attached) using the generate option.

     Linux:
          1. Place the script in: [signiant_install_dir]/bin/perl/bin
          2. cd [signiant_install_dir]/bin/perl/bin
          3. chmod 555 ./sig_ssl_cert_20150127.pl
          4. ./perl ./sig_ssl_cert_20150127.pl -generate

     Windows:
          1. Place the script in: [signiant_install_dir]\bin\perl\bin
          2. cd [signiant_install_dir]\bin\perl\bin
          3. perl sig_ssl_cert_20150127.pl -generate
 

You will then be prompted to enter some information:

  • Please enter the FQDN of this machine [servername.host.com]:
    • If the server host name is the same as what is disclosed in the brackets, you can press enter. Otherwise, enter the Fully Qualified Domain Name for the server and press enter.     
  • What is the name of your organizational unit (Company Name)? Signiant
  • What is the name of your organization (Department)? Customer Support
  • What is the name of your City or Locality? Ottawa
  • What is the name of your State or Province? Ontario
  • What is the two-letter country code for this unit? CA

 

Once all the information is entered, the script will:

  1. Create a directory named sig_ssl_cert under the Signiant log directory.
    • Windows: <Signiant install dir>\Mobilize\log\sig_ssl_cert
    • Linux: <Signiant install dir>/dds/log/sig_ssl_cert
  2. Generate the new keystore under the new directory.
  3. Generate the new CSR (certificate signing request).
    • The CSR will have the server name as part of its file name (e.g. servername.host.com.csr).
  4. Generate a log file.

Once the CSR has been generated, copy its contents and paste them into the CSR text box at the following Comodo site:

https://secure.Comodo.net/products/frontpage?reseller=y&ap=SigniantInc.&area=SSL&product=301&days=730

Select "Tomcat" for the server software used to generate the CSR.

Select "No Preference" for the signing algorithm. It will then default to SHA-2.

Click next.

 

You will then need to confirm your corporate details and contact information.  Once done, click 'Agree & Continue'.

Once the order is confirmed, the request will then need to be validated by Comodo, your ISP, and Signiant. These three steps will be done by Comodo.

Comodo will then sign the request and email you the certificates.

 

 

2. Importing the Certificates into the Signiant Manager or Signiant Media Exchange Web Server keystore.
 

Once you receive the certificates, unzip them into the keystore directory and follow the steps below. Importing a Comodo CA into your Manager's web server will allow web browsers to connect without SSL warnings. No maintenance outage is necessary, but the web server will need to be restarted, which will make GUI access unavailable for a few minutes.

To import Comodo certificates, run the sig_ssl_cert script as follows (precede the command with './perl' or 'perl' depending on your OS):

               sig_ssl_cert_yyyymmdd.pl -import [-dir Directory] [-file Certificate]

(If no arguments are supplied to import, the script will run with the -dir option and prompt for the path to the Comodo certificates directory.) 

Using the -dir option:

(precede the command with './perl' or 'perl' depending on your OS)

               sig_ssl_cert_yyyymmdd.pl -import -dir <path to Comodo certificates>

When the Import is run with the -dir option, the script will:

  1. Scan the supplied directory to check that the 4 Comodo certificates are found (5 certificates if SHA-1); otherwise it will fail and exit.
  2. Prompt whether the user would like to back up the original keystore files.
    • If you have already made a backup of the original keystore files, you should say no to this option so the original backup files do not get overwritten.
    • If you select yes, the script will back up the following keystore files:
      • <signiant_install_path>\log\sig_ssl_cert\keystore
      • JBOSS: <signiant_install_path>\3rdparty\jboss\server\default\conf\keystore
      • Tomcat: <signiant_install_path>\3rdparty\tomcat\conf\keystore
  3. Import the certificate files from the directory
    • Please make sure that the directory has the 4 or 5 certificates that you wish to import.
  4. Move the newly generated Keystore to:
    • Jboss: \3rdparty\jboss\server\default\conf
    • Tomcat: \3rdparty\tomcat\conf\
  5. Prompt the user to restart the Signiant web server.
    • You may elect to restart the web server at a later time; however, the certificate changes will only take effect after the web server is restarted.

Update: After the certificates have been successfully imported, please copy and paste the contents of the AddTrustExternalCARoot.crt certificate into the sigsetup.inf file. To do this, open the certificate and the sigsetup.inf file with any text editor, copy the contents of the certificate and paste them into the sigsetup.inf file. Insert the certificate right after the first certificate found in the inf file.
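
The manual paste described in the update above can be scripted so that the certificate lands in the right place and a rollback copy is kept. This is an added example, not part of the Signiant script or this article; it assumes certificates inside sigsetup.inf are stored as PEM blocks with BEGIN/END CERTIFICATE lines, and the names insert_root_cert and demo are hypothetical.

```sh
#!/bin/sh
# Added example. Assumption: certificates in sigsetup.inf are PEM blocks
# delimited by BEGIN/END CERTIFICATE lines, as in the .crt files.
PEM_BEGIN='-----BEGIN CERTIFICATE-----'
PEM_END='-----END CERTIFICATE-----'

# usage: insert_root_cert <inf file> <certificate file>
insert_root_cert() {
    inf=$1; cert=$2
    [ -r "$inf" ] && [ -r "$cert" ] || { echo "cannot read inputs" >&2; return 2; }
    # The certificate file must hold exactly one complete PEM block.
    [ "$(grep -c -e "$PEM_BEGIN" "$cert")" -eq 1 ] &&
    [ "$(grep -c -e "$PEM_END" "$cert")" -eq 1 ] ||
        { echo "$cert: expected exactly one PEM certificate" >&2; return 2; }
    # The INF file must already contain a certificate to insert after.
    grep -q -e "$PEM_END" "$inf" || { echo "$inf: no certificate found" >&2; return 2; }
    # Already pasted? Compare on the first base64 line of the certificate body.
    first=$(sed -n "/$PEM_BEGIN/{n;p;q;}" "$cert" | tr -d '\r')
    if [ -n "$first" ] && grep -qF -e "$first" "$inf"; then
        echo "certificate already present, nothing to do" >&2; return 0
    fi
    tmp=$(mktemp) || return 2
    awk -v certfile="$cert" -v marker="$PEM_END" '
        { print }
        !done && index($0, marker) {         # end of the first certificate
            eol = ($0 ~ /\r$/) ? "\r" : ""   # follow the INF file line endings
            while ((getline line < certfile) > 0) { sub(/\r$/, "", line); print line eol }
            close(certfile); done = 1
        }' "$inf" > "$tmp" || { rm -f "$tmp"; return 2; }
    cp -p "$inf" "$inf.bak" && cat "$tmp" > "$inf"   # keep a rollback copy
    rc=$?; rm -f "$tmp"; return $rc
}

# Demo on constructed placeholder data (not real certificates).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '; constructed sample' "$PEM_BEGIN" 'CONSTRUCTED-FIRST-CERT-BODY' \
        "$PEM_END" "$PEM_BEGIN" 'CONSTRUCTED-SECOND-CERT-BODY' "$PEM_END" > "$d/sigsetup.inf"
    printf '%s\n' "$PEM_BEGIN" 'CONSTRUCTED-ROOT-CERT-BODY' "$PEM_END" \
        > "$d/AddTrustExternalCARoot.crt"
    insert_root_cert "$d/sigsetup.inf" "$d/AddTrustExternalCARoot.crt" &&
        cat "$d/sigsetup.inf"
    rc=$?; rm -rf "$d"; return $rc
}
```

Call insert_root_cert with the path to your own sigsetup.inf and to the unzipped AddTrustExternalCARoot.crt; the original file is kept beside it with a .bak suffix.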

         

Using the -file option:

(precede the command with './perl' or 'perl' depending on your OS)

               sig_ssl_cert_yyyymmdd.pl -import -file <path to certificate file>

When the Import is run with the -file option, the script will:

  1. Prompt whether the user would like to back up the original keystore files.
  2. Import the certificate file provided.
  3. Prompt the user to restart the Signiant web server.

Additional Information

 
This section applies only if you have installed a new certificate on your Signiant Manager.  If you have updated only certificates on Media Exchange Web Servers you can skip this section.

After the Comodo certificate is imported into the Signiant Manager, there are some necessary changes that will need to be made on the agents in order to renew their certificates. If the changes are not made, certificate renewals will fail. 
Please refer to KB article 843 "Tasks to perform when using Comodo certificates in order that agents can still renew certificates" for more details. 

Copyright © 2015 Signiant Inc, all rights reserved.

Attachments

sig_ssl_cert_20150806.pl