
HTTPS SSL Cert on TM1 10.2.2 FP6

Posted: Wed Oct 19, 2016 11:37 pm
by Babandit
Hi Group,
I am trying to purchase the proper CA SSL cert and I am running into a few issues.

I have called several SSL CA providers, one of them being Comodo.com. They say that I cannot send them 2 CSR outputs.
In Step 2 of the following link from IBM Support it says to: "Send encryptRequest.csr and signRequest.csr located in ..\ssl to the Certificate Authority. As a result one *.pem file for the encryptRequest.csr, and one *.pem file for the signRequest.csr is received, as well as one or more *.pem files for the intermediate CA's and/or root CA. Copy these files to ..\ssl"

http://www-01.ibm.com/support/docview.w ... wg21902547

I need clarification as to what I should send to the CA or if there is a different SSL cert I need to purchase.
I was thinking maybe I needed to buy 2 SSL certs, but they informed me that I cannot buy 2 certs for the same domain.

Thanks

Re: HTTPS SSL Cert on TM1 10.2.2 FP6

Posted: Thu Oct 20, 2016 12:45 am
by kangkc
Tell them you need separate key pairs for signing and encryption. It should be possible as we have done that before through corporate CA.

Re: HTTPS SSL Cert on TM1 10.2.2 FP6

Posted: Thu Oct 20, 2016 5:50 pm
by Babandit
kangkc wrote:Tell them you need separate key pairs for signing and encryption. It should be possible as we have done that before through corporate CA.
Thanks for the reply. This is not my area of expertise but every time I talk to the SSL provider (I have called a few) and I have sent the documentation they all talk to me like I am crazy.
They are like um no you can't send us 2 csr files for one cert. Then I ask, do I need 2 certs? They say well you can't have 2 certs for 1 domain name...

This is where my confusion lies.

Re: HTTPS SSL Cert on TM1 10.2.2 FP6

Posted: Fri Oct 21, 2016 11:11 am
by kangkc
Send them this if they do not understand.

https://en.wikipedia.org/wiki/Digital_s ... encryption

I am not an SSL expert either... :D

Re: HTTPS SSL Cert on TM1 10.2.2 FP6

Posted: Tue Oct 25, 2016 12:29 am
by Babandit
kangkc wrote:Send them this if they do not understand.

https://en.wikipedia.org/wiki/Digital_s ... encryption

I am not an SSL expert either... :D
Thanks for the link, I sent this to them (Comodo.com) and they replied with
"We understand how key pairs work. However, this does not clarify what is needed. Please check with IBM to find out what is specifically needed.

Regards,
Comodo Support"

I contacted IBM and they basically said read our instructions LOL..
I am so frustrated going back and forth.. I just need to know if I am supposed to buy 2 certs for the same domain or 1 cert and send 2 CSR files (they said they can't do that).

Re: HTTPS SSL Cert on TM1 10.2.2 FP6

Posted: Tue Oct 25, 2016 1:04 am
by kangkc
Maybe you should change provider.
There is no problem with IBM documentation as we have done that before both using OPENSSL (for testing) as well as cert provider.
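
Added example, not part of the thread or of IBM's documentation: a test-only OpenSSL run that produces what the posts above describe, two separate key pairs and two CSRs for one host name, one requesting signing usage and one requesting encryption usage. The host name, the scratch directory and the helper function names are assumptions; only the file names signRequest.csr and encryptRequest.csr come from the quoted IBM step.

```shell
#!/usr/bin/env bash
# Added example: two key pairs and two CSRs for one host name.
# HOST and OUT are constructed placeholders, not values from the thread.
set -eu

HOST="tm1.example.com"   # constructed host name
OUT="$(mktemp -d)"       # scratch directory standing in for ..\ssl

# make_csr NAME USAGE: new RSA key pair plus a CSR that requests USAGE.
# -nodes leaves the private key unencrypted, acceptable for a test run only.
make_csr() {
  cat > "$OUT/$1.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = ext
prompt = no
[dn]
CN = $HOST
[ext]
keyUsage = critical, $2
EOF
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$OUT/$1.key" -out "$OUT/$1.csr" \
    -config "$OUT/$1.cnf" 2>/dev/null
}

# csr_usage FILE: the key usage requested inside the CSR
csr_usage() {
  openssl req -in "$1" -noout -text \
    | grep -A1 'X509v3 Key Usage' | tail -n1 | sed 's/^ *//; s/ *$//'
}

# csr_subject FILE: the subject the CSR asks the CA to certify
csr_subject() { openssl req -in "$1" -noout -subject; }

# csr_pubkey_hash FILE: SHA-256 of the public key carried in the CSR
csr_pubkey_hash() {
  openssl req -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

make_csr signRequest digitalSignature
make_csr encryptRequest keyEncipherment

# Same subject, different keys, different requested usage
for f in signRequest encryptRequest; do
  echo "$f: $(csr_subject "$OUT/$f.csr") | $(csr_usage "$OUT/$f.csr") | $(csr_pubkey_hash "$OUT/$f.csr")"
done
```

A CA is free to ignore the usage requested in a CSR, so inspect each returned *.pem with `openssl x509 -noout -text` before installing it.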

Re: HTTPS SSL Cert on TM1 10.2.2 FP6

Posted: Wed Oct 26, 2016 7:29 pm
by Babandit
kangkc wrote: Maybe you should change provider.
There is no problem with IBM documentation as we have done that before both using OPENSSL (for testing) as well as cert provider.
Thanks for the advice.

I contacted Symantec and they sent over instructions for what I will need to do. I have not done this yet but wanted to share here. I will be testing it out this week.
INSTRUCTIONS:
So what you will have to do is purchase a Secure Site SSL certificate, once you have placed the order you will have created a Trust Center.
Once the certificate has issued you will have a certificate with the RSA Algorithm which you can use for the encrypt key pair.
The trust center will give you the option of getting a free DSA algorithm certificate as seen highlighted below:
PIC Attached:

Follow the prompts from there and you should have the 2 certificates that you require.

Re: HTTPS SSL Cert on TM1 10.2.2 FP6

Posted: Thu Nov 10, 2016 11:58 pm
by Babandit
Babandit wrote:
kangkc wrote: Maybe you should change provider.
There is no problem with IBM documentation as we have done that before both using OPENSSL (for testing) as well as cert provider.
Thanks for the advice.

I contacted Symantec and they sent over instructions for what I will need to do. I have not done this yet but wanted to share here. I will be testing it out this week.
INSTRUCTIONS:
So what you will have to do is purchase a Secure Site SSL certificate, once you have placed the order you will have created a Trust Center.
Once the certificate has issued you will have a certificate with the RSA Algorithm which you can use for the encrypt key pair.
The trust center will give you the option of getting a free DSA algorithm certificate as seen highlighted below:
PIC Attached:

Follow the prompts from there and you should have the 2 certificates that you require.
This did not work!!!!!!!!!!!!!! but I found a solution and added it to a different topic. http://www.tm1forum.com/viewtopic.php?f ... 120#p63119

Bandit