Key file for Https App

  • 28 November 2022
  • 11 replies
  • 300 views

Userlevel 7
Badge +3

Hi all,

When uploading an SSL certificate for the Https app, you need to upload the SSL certificate, a key file, and an intermediate certificate. According to Docebo help, all of these should be provided by the certificate provider. However, our certificate provider only provides the SSL certificate and the intermediate certificate. Does anyone know where we can get the Key file? I seem to remember being able to download this from Docebo in the past, and I have a copy that seems to work, but I’d like to know where the original file can be obtained and whether it should come from the certificate provider or Docebo.

This is the relevant passage from Docebo Help:

Option 1: You Already Have an SSL Certificate

If you already have an SSL certificate, flag the corresponding option in the Certificate section. You then need to upload the SSL certificate, the key file that was provided to you by your certificate provider, and the Intermediate CA.


11 replies

Userlevel 6
Badge +2

Hi @Daniel 

I find that the LMS seems to keep hold of the Key file, so that I don’t need to upload it again later. This is what I see when I go to upload my certs:

Hope this helps!

Alan

Userlevel 7
Badge +3

Hi @Alan 

Thanks for the response. In my case, that isn’t happening and I need to upload the Key File again. When uploading the new certificate, do you click REMOVE CERTIFICATE first?

 

Userlevel 6
Badge +2

Yep, the first step was to remove the old certificate, and then state that I have my new one to upload. At that point I get the dialogue shown in the above screenshot.  I did download the key when I generated the original CSR file, and kept it in a safe place as instructed. So it was a bit surprising to not need it when the time came to replace the certificate. 

Userlevel 7
Badge +5

In my case, I was provided a single  .pfx  file and had to use  Open SSL  to extract the Cert, Int CA, and Key as  .pem  files to upload them individually. 

Userlevel 7
Badge +3

@gstager In our case, we received the certificate and intermediate certificate as text in the body of an email message. I then pasted the text into two text files and changed the file extensions to csr so they could be uploaded to Docebo. Regarding the key file, is it correct to say that this should come from the certificate provider and can’t be generated by Docebo itself? This is the point that is confusing me as I have been uploading an old key file rather than anything from the certificate provider. This is working but I can’t remember how we obtained the key file in the first place.

Userlevel 7
Badge +5

@Daniel - I would not expect Docebo to generate anything related to this.

Have you looked at Open SSL?

Are you working with a company such as GeoTrust?

Userlevel 7
Badge +3

We purchased the certificate from a company called Global Sign. What confuses me is that we can keep using the old key file in combination with the new certificate and intermediate certificate. If the certificate, intermediate certificate and key file are a set, why does the old key file work with the new certificates? Also, why doesn’t Global Sign issue a new key file with the certificates? I should probably ask them directly, but before I do, I want to establish beyond doubt that the key file must come from the certificate provider. The Https app works fine with the old key file, but I’d like to understand why so I can explain it properly to the other admins in my team. If anyone could shed some light on this, I would be very grateful🙏

Userlevel 6
Badge +2

Hi,

It seems that the situation is somehow not the same for everyone!  We have been using Quovadis so far, and we definitely only ever receive the certificate and intermediate certificate from them. The Key was definitely generated by Docebo alongside the CSR file and, although I was able to download it, I didn’t need to. upload it again later. I only needed to upload the Certificate and Intermediate cert.

Another detail is that I don’t need to generate a new CSR file each year. I can use the same CSR file to generate new certificates each year. A new CSR is only needed when the Intermediate Certificate expires, which has a multi-year lifespan. However, if I do generate a new CSR file early, I then also need a new intermediate cert. 

Alan

Userlevel 7
Badge +3

I just had another read through the following entry in Docebo help.

https://help.docebo.com/hc/en-us/articles/360020125119-Activating-and-Managing-the-HTTPS-App

Near the top it states:

If you already have an SSL certificate, flag the corresponding option in the Certificate section. You then need to upload the SSL certificate, the key file that was provided to you by your certificate provider, and the Intermediate CA.

However, near the end it says:

Once you've finished filling out the form, press the Generate CSR File button, then download your new file. We strongly recommend downloading the key file as well and storing it in a safe place on your computer. Once you have downloaded your CSR file, send it to your SSL certificate vendor.

It sounds like the key file is generated in Docebo at the same time as the CSR file.

Userlevel 6
Badge +2

Hi all,
I am just in the process of renewing a certificate for one of our domains. After generating a new CSR, this is the dialogue that appears:

 

I always download the key file from here, but to date I’ve never needed to actually use it for anything. 

Alan

Userlevel 7
Badge +3

After successfully renewing our SSL certificate this year, I can confirm that the key file is generated at the same time as the CSR file. Once the files have been generated, you can download the key file to keep as a backup, but normally you won’t need to upload it again as the system saves it automatically.

Reply