View/Export SSL Certificate?

answered
#1

I would like to use the certificate I have received via Netlify/Let’s Encrypt to encrypt traffic between it and my Okta portal that I use for sign-ins. Okta requires copy/pasting of the actual cert content. As far as I can see-- and it’s entirely possible I’m just blind-- there is no way to view or export my cert information so I can use it in this manner. Is this correct? Or am I just missing something?

#2

Hi @chris-bosman :slight_smile:

Without being sure how you’re using Okta, I’m unable to answer fully. From what I understand you’re using it’s SSO feature. That being the case, unless it’s programmatically linked with a Netlify server you’ve created for that single purpose, it’s not a possibility. If it is running from a Netlify sever, that cert should be able to be directly linked to your Otka module. However, if Netlify and Otka are air-gapped then exporting the Let’s Encrypt cert to “plug into” Otka is definitely not possible. If this is the case, and you’re running a Linux system, it’s just a few steps to generate a cert using Let’s Encrypt via the ACME “tool” which comes standard waiting to be installed in any APT-based OS. I’m not sure of how to go about generation on MS or Mac machines, though. When you do ever wish to export certs from any site you visit (using Firefox) click on the green padlock and a small dialog box appears. At the top you’ll see “Connection” with an arrow on the right hand side. Click on it, then click on “More Information” right at the bottom. A new box will open. You’ll see a view certificate option, click it. Click on details; then you’ll see the root, intermediate, & leaf certs. Click on any you wish to export and click on Export at the bottom. Another issue I just thought of is if Okta isn’t accepting certs that are “mismatched” as is the case with Netlify freely issued certs.(1)

(1) This is NOT a security issue, it’s simply troublesome in certain use cases.

#3

Thanks for the answer. I am not attempting to link Netlify and Okta at all, really. Okta is being entirely handled by my application, which is running on Netlify. I am using Okta within my application to handle user permissions.

What I am trying to do within Okta is customize my domain. To do this, Okta wants the various certificate info (i.e. -----BEGIN CERTIFICATE-----, -----BEGIN RSA PRIVATE KEY-----, etc.) input into its portal. I could easily use another Let’s Encrypt certificate for this, but given that Netlify is already providing one, I was wondering if there was a way to export that certificate information that I could use for this purpose.

Really, Okta is not really pertinent to my question at hand. The important part of the question is, can I export the SSL certificate Netlify is providing for my own use.

#4

The public certificate - which was enough for me to configure TLSA record in my Cloudflare DNS - can be obtained via this site. Also the Let’s Encrypt Authority X3 cert. Make sure you use your own domain, of course.
https://www.fairssl.net/en/ssltest/
The DST Root CA X3 cert I retrieved from here: https://xmpp.net/result.php?domain=conversations.im&type=client

#5

Thanks for the link! FairSSL did help me retrieve the public certificate. Unfortunately, Okta requires the private key from the cert as well, and it doesn’t look like there’s a way aside from rolling my own cert that I can retrieve the private key. Thanks for the help!

#6

i would suggest you write up your thoughts and pop something on this thread? Feature requests - what do you already love, what could be better? :slight_smile:

#7

Thanks, Perry. I will do just that!

1 Like