VSSL for N-able N-central - Troubleshooting tips

Last Modified

Wed Jan 06 18:15 GMT 2021

Description

  • This article contains tips for troubleshooting the application of an SSL Certificate to N-able N-central

Environment

  • All Supported Versions of N-able N-central

Solution

Single Domain Certificate Tips

If you are applying a Single Domain Certificate to N-able N-central, and it doesn't seem to be applying properly, please check the below:
  • Does the CSR match Certificate?
The CSR visible in N-able N-central must have a matching hash to the certificate being applied. To check this:
  1. Go to https://www.sslshopper.com/certificate-key-matcher.html.
  2. Under "What to check", select Check if a CSR and a Certificate match.
  3. Copy the contents of your certificate in the first box (Not the chained bundle).
  4. At the System level in N-able N-central, go to Administration > Certificate Management > Generate and Download Certificate.
  5. Note: Do not click Generate.
  6. Select and copy all the contents in the text box containing your Certificate Signing Request.
  7. Go back to the Certificate key matcher webpage described above and paste the contents in the second box reading Enter your CSR.
  8. Click outside of the text box, and on the right side it will display the two modulus hashes and whether they match or not.
If they do not match, start over with generating a new CSR.
  • Is the Certificate Signing Request text box blank?
Generate a new CSR, but make sure to fill in all the fields on the form. A blank CSR may occur if you missed a field. Not all versions of N-able N-central correctly indicate that all fields are necessary. You do NOT need a CSR if you are using a Wildcard certificate for N-able N-central .
  • Is your chain properly assembled?
Your chain must be assembled in a specific order. See SSL-for-N-able-N-central-Single-Domain for instructions
  • Does your chain contain matching pieces?
The intermediate and root certificates must be part of the same chain. Please use https://www.sslshopper.com/certificate-decoder.html or a similar tool to make sure that the names match. You may need to get a new root or intermediate certificate from your CA.

Wildcard Certificate Tips
  • Make sure the certificate is fully chained and properly applied on the server from which you are exporting the certificate. Use a third party checker such as https://www.sslshopper.com/ssl-checker.html to verify this and re-export if necessary
  • If you are using a third party website to convert the certificate, make sure that PEM is the chosen format.