We're trying to set up OpenWISP using a paid-for wildcard (*.ngv.com.au) SSL certificate. The certificate comes to us as a ZIP of these files:
AAACertificateServices.crt
SectigoRSADomainValidationSecureServerCA.crt
star.csr
star.key
STAR_ngv_com_au.crt
USERTrustRSAAAACA.crt
I presume STAR_ngv_com_au.crt is our certificate and the other .crt files are the chain.
However, I cannot input an acceptable certification authority into OpenWISP. When I enter our certificate and refer to the CA I've entered, OpenWISP responds
CA doesn't match, got the following error from pyOpenSSL: "unable to get local issuer certificate"
Following this advice, my best attempt at entering the certificate of the certification authority is the output of
cat STAR_ngv_com_au.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt AAACertificateServices.crt
or
cat SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt AAACertificateServices.crt
but each of those yields the CA doesn't match error, as does using each of the four .crt files individually.
What magic combination of files is required to satisfy OpenWISP/pyOpenSSL?
I presume STAR_ngv_com_au.crt is our certificate and the other .crt files are the chain.
If YOU open YOUR certificate, who is the issuer? It is written right there, no presumption necessary.
-----BEGIN CERTIFICATE----- ... content. ----BEGIN CERTIFICATE ..., -----BEGIN PRIVATE KEY ... etc.; i.e., the first line of each of the six files is -----BEGIN something and the last line of each of the six files is -----END something.
.crt file (presumably also supplying the star.key file) and decode and view the content?
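On the points raised in the comments about reading the issuer and decoding a .crt file: the following is an added example, not code from the original posts or from OpenWISP. It uses the openssl CLI to build a throwaway root, intermediate and wildcard leaf, print each certificate's subject and issuer, and show which CA bundle lets the leaf verify. The CNs, file names and helper functions (mk_cert, describe, find_issuer, verify_against) are constructed for illustration.

```shell
# Added example; all names and files are constructed, not the question's certificates.

# mk_cert NAME CN BASIC_CONSTRAINTS [ISSUER]: write NAME.key and NAME.crt,
# self-signed when ISSUER is omitted.
mk_cert() {
  printf 'basicConstraints=%s\n' "$3" > "$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$1.csr" -days 2 -extfile "$1.ext" -CA "$4.crt" \
      -CAkey "$4.key" -CAcreateserial -out "$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -days 2 -extfile "$1.ext" \
      -signkey "$1.key" -out "$1.crt" 2>/dev/null
  fi
}

# describe FILE...: decode each certificate; print its subject and its issuer.
describe() { for f in "$@"; do echo "== $f"; openssl x509 -in "$f" -noout -subject -issuer; done; }

# find_issuer LEAF CANDIDATE...: print the candidate whose subject name equals
# LEAF's issuer name (name match only; verify_against checks signatures).
find_issuer() {
  want=$(openssl x509 -in "$1" -noout -issuer_hash); shift
  for f in "$@"; do
    if [ "$(openssl x509 -in "$f" -noout -subject_hash)" = "$want" ]; then
      echo "$f"; return 0
    fi
  done
  return 1
}

# verify_against LEAF CA...: bundle the CA files and let OpenSSL build a path
# from LEAF up to a self-signed root inside that bundle.
verify_against() {
  leaf=$1; shift; bundle=$(mktemp); cat "$@" > "$bundle"; rc=0
  openssl verify -CAfile "$bundle" "$leaf" 2>&1 || rc=$?
  rm -f "$bundle"; return "$rc"
}

d=$(mktemp -d)
mk_cert "$d/root"  "Example Root CA"         "critical,CA:TRUE"
mk_cert "$d/inter" "Example Intermediate CA" "critical,CA:TRUE" "$d/root"
mk_cert "$d/leaf"  "*.example.test"          "CA:FALSE"         "$d/inter"
describe "$d/leaf.crt" "$d/inter.crt" "$d/root.crt"
echo "direct issuer: $(find_issuer "$d/leaf.crt" "$d/root.crt" "$d/inter.crt")"
verify_against "$d/leaf.crt" "$d/inter.crt" "$d/root.crt"   # intermediate + root
verify_against "$d/leaf.crt" "$d/root.crt" || echo "(expected: the leaf's direct issuer is missing from the bundle)"
```

The last call, which omits the intermediate, prints the same "unable to get local issuer certificate" text quoted in the question.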