03/08/2013 4759 views

I know this is something simple I'm missing but can't sort it out. When setting up the K3000 SSL config there are two sections, key (the certificate private key) and certificate (the certificate itself). I ordered a new SSL cert and have the key and have the web server cert and the intermediate CA cert. Now I understand the certificate itself, I just copy and paste from the --begin certificate and --end certificate. 

Question, what is the private key? I don't know what is supposed to go in this part of the form? Thanks!

0 Comments   [ + ] Show comments


All Answers


I ended up sorting this out. Kace will need to do a bit better job on the documentation for the K3000 SSL config. For the private key, you need to make sure you generate a private key that is in a .pem format. This will allow you to open the file with a txt editor and copy/paste the private key into the first field. Then you copy the web server key and paste it into the second window, THEN you must copy and past the intermediate key under the web server key. Once that's all done everything seems to be working fine for us. We are able to conncect via port 443 over the internet to our VM.

Answered 03/21/2013 by: dcard
Senior White Belt


The private key is created when you generate your CSR, which you upload to your CA to generate the certificate. I ended up generating these 2 (CSR & Private Key) with the K1000.

You can do this by loging on to the k1000\adminui, go to Settings -> Control Panel -> Security Settings -> click edit mode -> in the Optional SSL Settings section check the box nex to SSL Enabled on port 443, then the Open SSL Certificate Wizard button appears.
Click it and fill in all the fields needed and in the Common Name field enter the external name of the KACE K3000 appliance, make sure it matches the name of your K3000 appliance. Copy the CSR and generate the SSL certificate at your CA. When you have recieved the Root Certificate copy the contents (with --begin certificate and --end certificate) in the certificate field on your K3000, also copy the Private key generated by your K1000 in the Key field on your K3000 (in the SSL Confguration section)

Answered 04/02/2013 by: -mrk!!-
Yellow Belt




when you generate a CSR (certificate request) you generates always two elements:

  1. The CSR file that contain the request: you will need to send this to your favorite Certification Authority (GoDaddy, Verisign, etc etc)
  2. The Privake Key (usually has the extension .KEY): This file is really important! Do not send it to anyone and keep it EXTRA safe

When the certificate will be issued from the Certification Authority you will need the KEY and the certificate they are going to send to you.

If you KEY was lost or compromised the certificate itself will be useless and so you need to ask the Authority to revoke the certificate they issued and give you a new one.

I created a small video, still in beta, about SSL and K3000.

If you like you can have a look here:

http://youtu.be/GCy30fWKLVU (watch it fullscreen and in HD)

The video explains as well what to do with the intermediate certificate that some Authorities may send to you with the main certificate.



Answered 04/23/2013 by: StockTrader
Red Belt

  • I forgot to add a very handy online tool to verify if the certificate of your K3 is totally valid.
    After your K3 is on internet try to use this link: http://www.digicert.com/help/ and provide the url of your K3.
    This will verify if the SSL is valid and if all the certificate chain is ok.
  • Hello Stock Trader,

    well, I have the newest K3000 version (1.1) and I can say that the things are a little bit more easy than your video. You do not have to put the extra certificates in one body, you just have to copy the data into the appropriate fields.

    My problem now is that before I copy anything in the SSL fields, K3000 says that my SSL configuration is completed and my certificate expires in 10 years...
    • Hello,
      I've not experienced this behavior. Had you already a certificate installed on that box before upgrading to 1.1 ?
      I think it is a good idea to take a couple of screenshots an open a support case.
      It may be only a sort of ''visual bug'' but it's better they have a look.
      Thanks & regards,
      Marco- StockTrader

Submit a ticket to KACE support at http://support.kace.com or email support@kace.com for K3000 issues.

Answered 03/11/2013 by: jknox
Red Belt

  • Have you tried the new version 1.0.7 and see if you have the same issue?
  • I find the documentation, for me, does not match what I see on the server. The documentation speaks of being able to click a button to upload your private key and certificate as well as options to use a password. My server however, only shows the private key and certificate field where you would dump the contents of those files. I need to be able to supply a passphrase and am trying to figure out if my server is out of date or what the deal is as to why I don't see the options supplied in the documentation.