Installing SSL certificate in RAS - a comedy show

Hi guys

We have been using SSL certificates in Parallels RAS for years and never had an issue. However, when we came to renew this year, we have been unable to import a certificate / Private key pair. A month after a ticket was raised with Parallels and STILL no progress.

Parallels says Private Keys are supplied by SSL provider. SSL provider says Private key supplied at point of Certificate request ie by RAS. Everyone blaming each other and we are no further forwards. We can export a private key from the valid installed certificate in IIS but Paralles will not import it.

What has happened in the last 12 months that either SSL certificates have suddenly become fiendishly complex (in fairness they do seem to be a real mess with so many formats and file types) or that all the people who used to knew about and understand SSL certificates have all left the planet?

Come on Parallels - you must do this 1000s of times a day - how hard can it be? Will you please escalate this.

As a last resort, can anyone on the forum please shed some light on how to achieve this simple administrative task

Thanks in advance

SpringBox

 

Update - Paralles now says they refuse to speak to the SSL certificate provider to help sort out this "confusion" (aka someone doesn't know what they are doing)

Well done guys - customer care at its best

 

@springbox While I can sympathise with your frustration there seem to be a few details missing about the environment and the certificate that you are using. For example: What is the RAS Server version you are using? Did you generate the certificate signing request from within RAS itself? What are the certificate's key strength (size) and signature hashing algorithms?

If you generated the certificate signing request via RAS itself, then the private key should have been generated by RAS and stored within RAS itself. You should then import the public key via RAS by (at the cost of sounding patronising) going to Farm > Site > Certificates > "find the certificate request in the certificate list and open it" > "Request" tab > import public key.

You mention that you can export the private key from a validly installed certificate in IIS but fail to import it into Parallels. I tried something similar but with the Windows auto-generated RDSH certificates on a "testing" server. I exported the certificate in PFX format from the Windows' Certificates snap-in. I had no issues importing it via RAS Console (v20.2.0) once I provided the relevant PFX password and a "name". Maybe I was just lucky.

 

Hi,
we are on V19.3 and do not see any issues importing certificates into ras.
We use Letsencrypt Certificates, but do not use "Rasinternal" letsencrypt provider, but have other mechanism to create certificates, store them on a secure space, download it with automation toosl and import it with powershell every 3 month to ras (with private key).

br
Chris.

 

I have also not had any issues with importing certificates into Parallels RAS and we've been using it for about 5 years at this point.
When I have to do a renewal/new Cert I do the following:

1. Generate a CSR on a random server with IIS on it.
2. Provide CSR to Cert Authority.
3. Download Certificate, and the root/intermediate bundle from Cert Authority.
4. Complete CSR process on IIS server used in step 1.
5. Export SSL certificate to password protected PFX file, make sure to mark private key as exportable.
6. Import PFX into Parallels.
7. Right-click certificate imported into Parallels in previous step and go to the Intermediate tab and paste the intermediate server cert hashes. (may not need to do this if your export included them)

I also use LetsEncrypt through Parallels for one of my Tenants and have no issues with that either.