Page 1 of 1

ssl cert error

Posted: Fri Jun 22, 2018 12:18 am
by electravis
I have imported a ssl cert I got from digicert in order to use www-ssl and api-ssl. I created the cert on a linux box. Everything is working as it should I get that my tik web page connection is secure and the api is running over my secure port. However I am still getting in the log files "got CRL with bad signature issued by DigiCert....."

Not sure how to resolve this error.
Thanks

Re: ssl cert error

Posted: Fri Jun 22, 2018 12:22 am
by chechito
certificate provider will give you 2 things:

certificate
CA bundle

you have to import certificate, then your private key, then the CA bundle and you are done

Re: ssl cert error

Posted: Tue Jul 17, 2018 5:05 pm
by electravis
Thanks for the info all I got from them was an email with the plaint text of the cert and ca in the email.

So what the called the web server certificate. I copied that into text file and saved that as my .cert file

What they called the Intermediate CA. I copied that into text file and saved as .ca

Next I uploaded to the tik my two above files along with my . key file i made in openssl.

I then first import my .cert then import the .key and finally the .ca file and still get the bad signature error.

At the end of the imports my my ca has an lt in status on tik and my cert has a klt in status.

Everything sounds right to me

Any thoughts.

Re: ssl cert error

Posted: Tue Jul 17, 2018 5:15 pm
by tippenring
CRL is the cert revocation list. I'm guessing the CRL is perhaps signed by a cert which the router doesn't trust. You may need to import a different cert chain for it.

Re: ssl cert error

Posted: Tue Jul 17, 2018 11:10 pm
by electravis
Sorry not real up on all the ssl cert stuff but if I uncheck under settings "crl download" the error stops and all seems to still work as expected. I cant really find any info on what crl download does and if i even needed it.

Any input.

Thanks