No private key in the SSL subscription service parameters : CloudBlue Technical Support

Symptoms

The private key is missing in the SSL subscription service parameters.

Cause

The CSR and the private key were not generated by PBA, information about the private key is not supposed to be stored in PBA.

When the subscription is purchased, the customer (or the providers staff member) who places an order has two options:

Use already generated CSR.
Leave CSR empty to allow the system to generate it (if an option "Allow generate Private Key and Certificate Request" is enabled, see details in the documentation).

If the option 2 was used, the private key shall be stored in the subscription service parameters. If the already generated CSR was used (option 1), then the private key is not asked when purchasing an SSL. The private key is supposed to be kept privately by a person who generated CSR.

There is no easy way to determine which option was chosen, it is only possible from the sequence of methods/its parameters in BA logs. For example,

in BM.log(5.5.x), generic_worker.log (6.0.x) it can seen that the CSR is initially passed as NULL (an example below is for order placed from the providers control panel):

[14-04-16 12:26:57.579 Worker1.67  RQ24425 NTE] Entering method BM_Container::Worker1.67.PlaceOrder_SaveParams(user = 1, transaction = 24416, SID = 323, lang = en, HP)
[14-04-16 12:26:57.579 Worker1.67  RQ24425 NTE]         3 input arguments :
                string: 5
                string: CSRID
                string: NULL

in CERTENOM.log(5.5.x), generic_worker.log (6.0.x)) an appropriate parameter for private key
```
parameter [PKEYID] = <HIDDEN>
```
is passed within GetAndCheckPluginServiceParams method. The private key itself does not appears in the log for the security reasons.

Both these example confirm that the CSR was generated by the system and private key shall be present in the service parameters.

In case of already generated CSR there are records like:

[16-06-16 11:48:11.123 BM_Object   RQ527153 TH10373 NTE] Entering method BM.PlaceOrder_SaveParams(user = 1060476, SID = 596895, lang = en, request = 527153, localObject = 0, transaction = 723840 (HP)) 
[16-06-16 11:48:11.123 BM_Object   RQ527153 TH10373 NTE]        21 input arguments: 
                string: 1180 
                string: CSRID 
                string: -----BEGIN CERTIFICATE REQUEST-----  
<csr itself>
-----END CERTIFICATE REQUEST-----

Internal content

Link on internal Article