OpenSSL with apache


Hi Experts,

I'm trying to configure Apache with my OpenSSL certs and I'm having trouble. I used a Windows SSL helper called XCA to create the certs and it only created them in p12 or pem, and with Apache every example I see of certs in the httpd.conf files, it's either crt and key that is needed.

Does anyone know if .p12 or pem can work in Apache, and is it possible to convert them to crt and key??? Or how do you create them from scratch???


Thanks!!
Suzy
fyness Asked:

jellybellyjo Commented:
The http://www.apache-ssl.org/#FAQ site has answers to most of these questions.
If you just want to create a test certificate and key, you can follow the instructions there. To get a proper signed one from an authority, you have to pay for it. A list of providers is at the same link.
AtomicElec Commented:
IIRC, Apache's certificate format is PEM.  Just use XCA to export the Certificate and Key as PEM files and then just point Apache to those files.  (If XCA only provides you with one file, it may be both the cert and the key file.)

Alternatively, you can create a self-signed cert using the following steps (if you have access to a machine with openssl)...

openssl genrsa -out test.key 2048
openssl req -key test.key -new -out test.csr
openssl x509 -in test.csr -req -signkey test.key -days 365 -set_serial 1 -out test.crt
fyness Author Commented:
If I'm pointing the pem to Apache, is there another configuration line or do I just use the ProxyCACertificateFile?

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /home/acer/my-server.cert
SSLProxyMachineCertificateFile /home/acer/my-server-with-key.cert
SSLProxyCACertificateFile /home/acer/ca_list.crt
SSLCertificateKeyFile /home/acer/my-server.key

AtomicElec Commented:
Unless you are connecting to a proxy using apache, you will not need the SSLProxy* directives.

SSLCertificateFile
should go to the file that has the certificate
SSLCertificateKeyFile
should go to the file that has the key

I believe XCA should be able to provide you two different files (one with the cert in it and another with the key).
Export the cert as PEM...  save it to whatever file you want (Apache doesn't care that it's called .crt or .pem or .foo)
Then use SSLCertificateFile directive to point to that file

Export the key you used to make that cert also as PEM...  again save it as whatever file (server.key...  server.pem... foo.bar)
Then use SSLCertificateKeyFile directive to point to that file

Then just restart apache, and you should have SSL support  :-)
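
The PEM export described above, done with the openssl command line instead of XCA, as an added example that is not part of the original thread: it splits a .p12 into separate certificate and key files and checks that the two belong together. The function names, file names and demo password are constructed for illustration.

```shell
#!/bin/sh
# Added example: split a PKCS#12 (.p12) bundle into the two PEM files that
# SSLCertificateFile and SSLCertificateKeyFile point to. Function names, file
# names and the password are constructed for this demo.
set -eu

# make_demo_p12 DIR: build a throwaway self-signed cert + key and bundle them.
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=test.example" \
        -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -passout env:P12_PASS -out "$1/bundle.p12"
}

# split_p12 BUNDLE CERT_OUT KEY_OUT: password is read from $P12_PASS so it
# does not show up in the process list.
split_p12() {
    # Certificate only: -nokeys drops the key, -clcerts drops CA certs.
    openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys -out "$2"
    # Key only, written unencrypted (-nodes) so Apache can start unattended;
    # the umask keeps the file readable by its owner alone.
    ( umask 077
      openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes -out "$3" )
}

# pubkey_digest_* print a SHA-256 over the DER-encoded public key.
pubkey_digest_cert() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256
}
pubkey_digest_key() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256
}

# cert_matches_key CERT KEY: succeeds only when both hold the same public key.
cert_matches_key() {
    [ "$(pubkey_digest_cert "$1")" = "$(pubkey_digest_key "$2")" ]
}

# Demo run on constructed data.
tmp=$(mktemp -d)
P12_PASS="constructed-demo-pass"; export P12_PASS
make_demo_p12 "$tmp"
split_p12 "$tmp/bundle.p12" "$tmp/server.crt" "$tmp/server.key"
if cert_matches_key "$tmp/server.crt" "$tmp/server.key"; then
    echo "certificate and key match"
fi
rm -rf "$tmp"
```

Running the match check before restarting Apache catches a certificate paired with the wrong key, which otherwise only shows up as a startup failure.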

fyness Author Commented:
Thanks for that, just want to check: when using a testing server, does the server name have to be the same as what's in the CA cert?

Cheers,
Suzy
AtomicElec Commented:
No.  Most browsers will give the user a warning that the host name does not match and allow them to accept the certificate anyways.  :-)
AtomicElec Commented:
Unless the author responds otherwise, I believe I answered the question.  :-)