Dépannage

1. J'ai reçu un seul fichier (.crt ou cer) qui contient le certificat MydomainName.com.

Look at the path in the certificate properties. If your certificate is at the root, then you don’t have any intermediate certificate. You must only import the .cer or .crt you received.

If the path contains other intermediate certificates, then they will be needed. You can export these certificates included in yours and create a file by certificate.

Screenshot 1 You can export each certificate listed in the path and get one file per certificate.

Doble clic en el certificado que deseas exportar. Luego ve a Detalles / Copiar a archivo.

Screenshot 2 Screenshot 3 Cliquez sur suivant. Les valeurs par défaut sont correctes. Cliquez sur suivant jusqu'à ce que vous deviez donner un nom. Confirmez votre exportation. Le résultat est un fichier .cer contenant uniquement le certificat exporté. Répétez cette exportation pour chaque niveau du chemin.

2. Mi clave privada es .pem. No puedo importar mi clave privada en Portecle.

Puedes convertir tu .pem en formato pfx con herramientas o sitios en línea. Por ejemplo, en este sitio: https://www.sslshopper.com/ssl-converter.html

You must have your Private Key and your certificate (e.g. MyDomainName.com)

Browse to select the certificate to convert and the Private Key that goes with it. Current certificate type is PEM. Type to convert to is PFX (PKCS#12). As .pfx is a secured format, you must enter a password. You can choose whatever you want, but, at least, you will have to set it to ‘secret’. So you should enter the password ‘secret’.

The result is a .pfx format that you will be able to import in Portecle. As we saw in the installation section, this Private Key imported in Portecle must receive a CA Reply. See section Installation / CA reply for further information.

3. Erreurs HTTPS

SSL error no cypher overlaps.

Screenshot 5 The Private Key or the Key Pair has not been imported in cert.jks or is invalid. Other errors types give the same screen with another error code. Take a look at this code error. It concerns the certificate and something with it that goes wrong. It is usually because one of the fields of the certificate is not valid or blank. Have a look to your certificate Properties and Request. Verify that all the fields are correct. Report to section how to do a Request for more information.

4. Avis concernant Terminal Service Plus et le serveur web Microsoft IIS

Veuillez vous référer à nuestra documentación sobre el uso de IIS con Terminal Service Plus

Cependant, voici quelques informations importantes sur IIS et les certificats :

When using IIS, the certificate has to be installed in the keystore cert.jks. This must be done in the same way as if we were using Terminal Service Plus Web Server, and as described in the previous chapter.

No vincule el puerto 443 HTTPS en IIS, ya que este es el servidor web de Terminal Service Plus que maneja el protocolo HTTPS, el certificado y su encriptación. No se debe crear ningún vínculo en el puerto 443. Por lo tanto, IIS solo debe tener vinculado el puerto 81.

We are free to use IIS Request Tool to create the Private Key and the CA Request. It is simple to export the Private Key from IIS (IIS/Default site/Certificates) in the .pfx format and import it in cert.jks as described in the previous chapter.

Back to HTTPS, SSL & Certificates Tutorial Summary