• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2024
  • Last Modified:

CentOS: Install SSL certificate

Hi All,

Very new to using CentOS and SSH.  But slowly getting the hang of it.


I've setup a website and want to add an SSL certificate.

Can anyone walk me through the process.
0
detox1978
Asked:
detox1978
  • 9
  • 5
1 Solution
 
farzanjCommented:
Do you need it for Apache, LDAP, or SSH keys?
0
 
detox1978Author Commented:
Apache
0
 
detox1978Author Commented:
I have a PFX file with the public and private key
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
detox1978Author Commented:
I have openssl on the server.
0
 
detox1978Author Commented:
I found this link, but dont know where to copy things too;

http://www.petefreitag.com/item/16.cfm
0
 
farzanjCommented:
0
 
detox1978Author Commented:
I followed the steps on that link and got the following error;

#openssl ca -in apachekey.csr -out apachecert.pem

Using configuration from /etc/pki/tls/openssl.cnf
Error opening CA private key ../../CA/private/cakey.pem
31033:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('../../CA/private/cakey.pem','r')
31033:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load CA private key
0
 
farzanjCommented:
Please follow this guide step by step

http://www.cyberciti.biz/faq/rhel-apache-httpd-mod-ssl-tutorial/

If you still have problem, let me know.
0
 
detox1978Author Commented:
Thats the same link?
0
 
farzanjCommented:
I am sorry, got really busy and could not help you.
If you found the solution, please post it here.  That would help the community too.

Thanks
0
 
detox1978Author Commented:
Here's my notes;

You just need to update the PFX password.


Create PFX
copy mydomain.com.pfx to /etc/httpd/conf/ssl/pfx

connect to root via SSH

# = type

#openssl
#pkcs12 -in /etc/httpd/conf/ssl/pfx/mydomain.com.pfx -passin pass:PFX-Password -nokeys -out

/etc/httpd/conf/ssl/crt/mydomain.com.crt
#pkcs12 -in /etc/httpd/conf/ssl/pfx/mydomain.com.pfx -passin pass:PFX-Password -nocerts -out

/etc/httpd/conf/ssl/key/mydomain.com.key -passout pass:PFX-Password


insert the following lines to the VirtualHost in httpd.conf using vi (vi /etc/httpd/conf/httpd.conf)




SSLEngine On
SSLCertificateFile /etc/httpd/conf/ssl/crt/mydomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/key/mydomain.com.key


Then restart the webserver

#/etc/init.d/httpd restart



0
 
farzanjCommented:
Thanks.

Before closing, it is better if you post your solution, and accept it.
0
 
detox1978Author Commented:
I raised a delete request, so will have it removed and accept my answer.

Hopefully it will help someone.  
0
 
detox1978Author Commented:
answer above
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 9
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now