Biju

Reputation: 61

Configuring TLS certificate for GitHub Enterprise Server

On my GitHub Enterprise, when I install the SSL certificate with the key, it displays an error message:

"Github ssl cert The certificate is not signed by a trusted certificate authority (CA) or the certificate chain is missing intermediate CA signing certificates."

I was given 4 certificates by our certification authority team.

  1. SSL certificate : github.pem
  2. A set of 3 CA certificates : root, subca and subca2

My GitHub Enterprise management console needs 2 entries:

  1. An X.509 SSL certificate
  2. Unencrypted key

I have tried the github.pem key alone and in different combinations, concatenating the CA certificates, but it always fails with the same error.

Is there a pattern to concatenate the certificate?

Any clue how I can resolve this?

Thanks in advance.

Upvotes: 6

Views: 9454

Answers (2)

Omar Khaled

Reputation: 441

Please follow these steps to add the 3 certificates to your .pem file:

  1. Open your domain certificate pem file in Notepad++.
  2. Add the intermediate certificate (DigiCertCA2.pem) under the domain certificate.
  3. Add the root certificate (TrustedRoot.pem) to your domain certificate.
  4. Save the .pem file, which now has the following 3 certificates (domain, intermediate, root).
  5. Upload the modified certificate.pem file and the private key.
  6. Click on Save Settings.

Upvotes: 6

jok5r

Reputation: 37

I had the same issue. When trying to load the PEM and Key files to GitHub Enterprise I got the same message. The cert was created using the exact same methods as I have done before, but was failing.

Github ssl cert The certificate is not signed by a trusted certificate authority (CA) or the certificate chain is missing intermediate CA signing certificates.

Steps I took:

  1. Created a cert for the server (webserver with Private Key)
  2. Exported from my user's personal store (PFX including all certs in the path and export all extended properties)
  3. C:\OpenSSL-Win64\bin> openssl.exe pkcs12 -in git_key_included.pfx -nocerts -out priv-key.pem -nodes
  4. C:\OpenSSL-Win64\bin> openssl.exe pkcs12 -in git_key_included.pfx -nokeys -out cert.pem
  5. C:\OpenSSL-Win64\bin> openssl rsa -in priv-key.pem -out server.key

I eventually figured it out by opening the PEM using Notepad++. The openssl commands work fine on the old exported cert, but swap around the ordering of the certs on the new exported cert. The broken cert had:

  1. Primary SSL certificate
  2. Root certificate
  3. Intermediate certificate

Instead of the correct ordering of:

  1. Primary SSL certificate
  2. Intermediate certificate
  3. Root certificate

So I swapped them around and it worked.

Upvotes: 2
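
The ordering both answers arrive at (server certificate, then intermediate, then root), as an added example that is not part of either answer or of GitHub's tooling: a standard-library Python sketch that reads a PEM bundle, such as the `cert.pem` written by `openssl pkcs12 -nokeys`, and re-emits the certificates in that order by matching each certificate's issuer name to the next certificate's subject name. Comparing the names byte for byte is a simplifying assumption, and the function names are hypothetical.

```python
import base64, re, sys

# Matches only certificate blocks, so "Bag Attributes" text and key blocks are ignored.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    _, pos, _ = _tlv(der, 0)                   # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)                 # tbsCertificate SEQUENCE
    fields = []                                # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:                        # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def order_chain(pem_text):
    """Return the PEM blocks ordered leaf -> intermediate(s) -> root."""
    certs = []
    for m in PEM_RE.finditer(pem_text):
        issuer, subject = issuer_subject(base64.b64decode(m.group(1)))
        certs.append((issuer, subject, m.group(0)))
    by_subject = {s: (i, s, p) for i, s, p in certs}
    signers = {i for i, s, _ in certs if i != s}   # names that issued another cert
    leaves = [c for c in certs if c[1] not in signers]
    if len(leaves) != 1:
        raise ValueError("bundle is not a single chain (missing or extra certificate?)")
    chain = [leaves[0]]
    # Walk issuer -> subject until a self-signed root or an issuer not in the bundle.
    while (chain[-1][0] != chain[-1][1] and chain[-1][0] in by_subject
           and len(chain) < len(certs)):
        chain.append(by_subject[chain[-1][0]])
    if len(chain) != len(certs):
        raise ValueError("bundle is not a single chain (missing or extra certificate?)")
    return [p for _, _, p in chain]

if __name__ == "__main__":
    # Usage: python order_chain.py cert.pem > ordered.pem
    print("\n".join(order_chain(open(sys.argv[1]).read())))
```

A `ValueError` means the bundle does not link up into one chain, which is the same condition the management console reports as missing intermediate CA certificates.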
