Any - Apache 2.x+ - Installing/renewing SSL Certificates

Post by lmmtux » Thu Aug 30, 2012 1:41 pm

This article should work with any certificate provider to install or renew SSL certificates in Apache 2.x or higher. These instructions were written specifically for Apache 2.1.x, however.


Installing a new SSL certificate:

Note: All commands shown in this article should be run as root.

  1. Generate a private key and a certificate signing request (CSR) file:
    openssl genrsa -out <yourservername>.key 2048
    openssl req -new -key <yourservername>.key -out <yourservername>.csr

    Where <yourservername> can be anything, but using the server name makes it easy to tell which server the file applies to.
  2. Use the certificate provider website to create a certificate. When prompted, copy and paste the contents of the .csr file generated above.
  3. Once the request is submitted, wait while the certificate provider generates the certificate. This can take a while depending on the provider.
  4. Your certificate provider may email you a .cer file or .crt file, or even send you the text that goes in the .cer or .crt file. Either way, save the file provided or copy/paste the contents of the certificate to a .crt file.
  5. Store the .crt file received in the directory: /etc/httpd/conf/ssl.crt/
  6. Copy the .key file generated in the first step to the directory: /etc/httpd/conf/ssl.key/
  7. Download the Intermediate CA Bundle certificate from your certificate provider and save it to the directory: /etc/httpd/conf/ssl.crt/
  8. Open the httpd.conf file for the website on which you wish to install the certificate, and add the following lines:
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/<yourservername>.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/<yourservername>.key
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/<Intermediate_CA_bundle.pem>

    Where:
    • <yourservername> is typically your server name, but it can be anything, as in the above steps.
    • <Intermediate_CA_bundle.pem> is the Intermediate CA Bundle certificate from your certificate provider.
  9. Restart Apache:
    service httpd restart
  10. Verify the website comes up under its secure (https) URL without any errors.


Renewing an SSL certificate:

  1. Make a copy of the existing .crt file that is currently in use, which is typically located in the directory: /etc/httpd/conf/ssl.crt/
  2. Use the certificate provider website to renew the certificate. When prompted, copy and paste the contents of the .csr file that you used to create the original certificate. Note: If you do not have the .csr file, you can generate a new one with the commands below, then proceed with the next step.
    openssl genrsa -out <yourservername>.key 2048
    openssl req -new -key <yourservername>.key -out <yourservername>.csr

    Where <yourservername> can be anything, but using the server name makes it easy to tell which server the file applies to.
  3. Your certificate provider may email you a .cer file or .crt file, or even send you the text that goes in the .cer or .crt file. Either way, save the file provided or copy/paste the contents of the certificate to a .crt file.
  4. Store the new .crt file in the following directory, replacing the old one: /etc/httpd/conf/ssl.crt/
  5. Restart Apache:
    service httpd restart
  6. Verify the website comes up under its secure (https) URL without any errors.
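
The check below is an added example, not part of the original article. Before Apache is restarted it confirms that a .crt file matches its .key file (a renewal that regenerates the key yields a certificate that no longer matches the old key), that the certificate is not about to expire, and that the key is not accessible to group or others. The function name check_pair, its return codes and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check a certificate
# and private key before restarting Apache. Names and return codes are
# assumptions of this example.

# usage: check_pair <cert.crt> <key.key> [min_days_left]
check_pair() {
    cert=$1; key=$2; days=${3:-30}

    # 1. The certificate must carry the public half of this private key.
    #    Both commands print the key as PEM SubjectPublicKeyInfo, so the
    #    two outputs are identical exactly when the files belong together.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $cert was not issued for $key" >&2
        return 3
    fi

    # 2. The certificate must stay valid for at least $days more days.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "EXPIRING: $cert expires within $days days" >&2
        return 4
    fi

    # 3. The private key must not be accessible to group or others
    #    (mode 600 or 400): characters 5-10 of the ls mode string.
    case $(ls -ld "$key") in
        ????------*) ;;
        *) echo "PERMS: $key is accessible to group/others" >&2; return 5 ;;
    esac

    echo "OK: $cert matches $key"
}

# Run from the command line, e.g.:
#   sh check_pair.sh /etc/httpd/conf/ssl.crt/<yourservername>.crt \
#                    /etc/httpd/conf/ssl.key/<yourservername>.key
if [ $# -ge 2 ]; then
    check_pair "$@"
fi
```

Running `apachectl configtest` as well catches syntax errors in the edited httpd.conf before `service httpd restart`.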