Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

What extension file does Hue Configuration for SSL

avatar
Expert Contributor

SSL.jpg

 

Hi,

 

Does ssl_certificate accepts only as .crt file extension or .pem or .cer or .der also works?

 

because when i did ssl with self signed certificate everything hue starts but when i did with Microsoft generated ssl certificate and key it gave me this error

 

OpenSSL.SSL.Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL

routines', 'SSL_CTX_use_certificate_file', 'PEM lib')]

 

 

1 ACCEPTED SOLUTION

avatar
Expert Contributor

Thanks alot,

 

I got this issue resolved.

The certificate generated from IIS Microsoft was not correct

Once i got the ptx format for certificate.

I extracted the key and certificate from .ptx format as .key and .crt file like

 

For the key:-

openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

 

For the certificate

openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

 

Just gave all the rights to both key and cert and made the key passphrase less. as

 

cp [server.key] [server.key.org]

openssl rsa -in [server.key].org -out [server.key]

 

and gave the path of key and cert in Hue.

View solution in original post

3 REPLIES 3

avatar
Expert Contributor

SSL.jpg

avatar
Master Guru

The extension does not matter, but the format does.  The file should be in "PEM" format.  It should contain these lines:

 

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

 

-Ben

avatar
Expert Contributor

Thanks alot,

 

I got this issue resolved.

The certificate generated from IIS Microsoft was not correct

Once i got the ptx format for certificate.

I extracted the key and certificate from .ptx format as .key and .crt file like

 

For the key:-

openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

 

For the certificate

openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

 

Just gave all the rights to both key and cert and made the key passphrase less. as

 

cp [server.key] [server.key.org]

openssl rsa -in [server.key].org -out [server.key]

 

and gave the path of key and cert in Hue.