I'm having an issue with setting up a certificate on my CentOS 7 VPS that runs VestaCP with Nginx and PHP-FPM for a website that runs WordPress CMS via SSL (we already have a signed and running GoDaddy certificate). Basically what I am doing is adding a Payeezy FirstData certificate to a WordPress with WooCommerce project using these steps:
openssl req -newkey rsa:2048 -sha256 -keyout 1234567key.pem -out 1234567req.pem -subj "/C=LV/O=domain.com/CN=1234567" -outform PEM
where 1234567 is the Merchant ID
openssl pkcs12 -export -in 1234567.pem -out 1234567keystore.p12 -certfile ECOMM-test.pem -inkey 1234567key.pem
openssl pkcs12 -in 1234567keystore.p12 -out 1234567keystore.pem
After doing this I asked FirstData to add our VPS IP address to their allowed hosts.
According to the documentation and their support I've done everything right so far and all should work, but when I try to run the sample transaction .php script I get this response:
startDMSAuth: Peer does not recognize and trust the CA that issued your certificate.
Which in human language means - your server does not trust the authority that signed this certificate. Please add it to Trusted Store Certificate Authority list (something like that).
The problem is that I don't know how to do it (add a CA to the Trusted Store CA list on CentOS 7 running VestaCP with Nginx and PHP-FPM) and can't find proper documentation or a tutorial on how to do it, so I was hoping someone here has had experience with this and could explain to me and others with the same issue how to do it.
I found my solution here:
https://gist.github.com/oussemos/cf81d86a446544bfa9c92f3576306aff
Don't do line 403: openssl s_client -showcerts -connect github.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >mycertfile.pem
In short:
sudo update-ca-trust force-enable
sudo update-ca-trust extract
sudo cp certificate.pem /etc/pki/ca-trust/source/anchors/
(change certificate.pem to the certificate that you want to add)
sudo update-ca-trust extract
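A way to check whether a certificate chains to a CA in a given trust bundle, before and after that CA is added, is sketched below. This is an added example, not part of the original posts: it builds a throwaway CA and certificate in a temp directory (all names and subjects are constructed) and uses a plain file as the bundle instead of the system store.

```bash
#!/usr/bin/env bash
# Added example: constructed throwaway PKI; nothing under /etc/pki is touched.

# chain_ok CERT BUNDLE: succeeds only if CERT chains to a CA present in BUNDLE.
chain_ok() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# make_demo_pki DIR: creates issuing.pem (the CA that signs leaf.pem),
# unrelated.pem (a different CA) and leaf.pem. All subjects are constructed.
make_demo_pki() {
    local d="$1" ca
    for ca in issuing unrelated; do
        openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 1 \
            -subj "/O=Demo/CN=Demo $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -sha256 -nodes -subj "/O=Demo/CN=demo-client" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/issuing.pem" -CAkey "$d/issuing.key" \
        -CAcreateserial -days 1 -sha256 -out "$d/leaf.pem" 2>/dev/null
}

# trust_state CERT BUNDLE: prints "trusted" or "untrusted".
trust_state() {
    if chain_ok "$1" "$2"; then echo trusted; else echo untrusted; fi
}

# demo: prints the state before and after the issuing CA joins the bundle,
# mirroring the copy into anchors/ followed by "update-ca-trust extract".
demo() {
    local d before after
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    cp "$d/unrelated.pem" "$d/bundle.pem"          # bundle lacks the issuing CA
    before=$(trust_state "$d/leaf.pem" "$d/bundle.pem")
    cat "$d/issuing.pem" >> "$d/bundle.pem"        # issuing CA added to the bundle
    after=$(trust_state "$d/leaf.pem" "$d/bundle.pem")
    rm -rf "$d"
    echo "$before -> $after"
}

demo
```

On CentOS 7 the bundle that `update-ca-trust extract` regenerates is `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem`, so running `chain_ok` with a certificate and that file shows whether the copy into `anchors/` took effect.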