?
Solved

CentOS:  Install SSL certificate

Posted on 2011-03-10
14
Medium Priority
?
1,966 Views
Last Modified: 2012-05-11
Hi All,

Very new to using CentOS and SSH.  But slowly getting the hang of it.


I've setup a website and want to add an SSL certificate.

Can anyone walk me through the process.
0
Comment
Question by:detox1978
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
14 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 35100615
Do you need it for Apache, LDAP, or SSH keys?
0
 
LVL 2

Author Comment

by:detox1978
ID: 35100640
Apache
0
 
LVL 2

Author Comment

by:detox1978
ID: 35100755
I have a PFX file with the public and private key
0
Command Line Tips and Tricks

The command line is a powerful tool at the disposal of every Linux user. Although Linux distros come with beautiful user interfaces, it's worthwhile to learn the command line because it allows you to do a number of things that you otherwise cannot do from the GUI.  

 
LVL 2

Author Comment

by:detox1978
ID: 35100905
I have openssl on the server.
0
 
LVL 2

Author Comment

by:detox1978
ID: 35101135
I found this link, but dont know where to copy things too;

http://www.petefreitag.com/item/16.cfm
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35101214
0
 
LVL 2

Author Comment

by:detox1978
ID: 35101414
I followed the steps on that link and got the following error;

#openssl ca -in apachekey.csr -out apachecert.pem

Using configuration from /etc/pki/tls/openssl.cnf
Error opening CA private key ../../CA/private/cakey.pem
31033:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('../../CA/private/cakey.pem','r')
31033:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load CA private key
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35101524
Please follow this guide step by step

http://www.cyberciti.biz/faq/rhel-apache-httpd-mod-ssl-tutorial/

If you still have problem, let me know.
0
 
LVL 2

Author Comment

by:detox1978
ID: 35101535
Thats the same link?
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35103080
I am sorry, got really busy and could not help you.
If you found the solution, please post it here.  That would help the community too.

Thanks
0
 
LVL 2

Accepted Solution

by:
detox1978 earned 0 total points
ID: 35103118
Here's my notes;

You just need to update the PFX password.


Create PFX
copy mydomain.com.pfx to /etc/httpd/conf/ssl/pfx

connect to root via SSH

# = type

#openssl
#pkcs12 -in /etc/httpd/conf/ssl/pfx/mydomain.com.pfx -passin pass:PFX-Password -nokeys -out

/etc/httpd/conf/ssl/crt/mydomain.com.crt
#pkcs12 -in /etc/httpd/conf/ssl/pfx/mydomain.com.pfx -passin pass:PFX-Password -nocerts -out

/etc/httpd/conf/ssl/key/mydomain.com.key -passout pass:PFX-Password


insert the following lines to the VirtualHost in httpd.conf using vi (vi /etc/httpd/conf/httpd.conf)




SSLEngine On
SSLCertificateFile /etc/httpd/conf/ssl/crt/mydomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/key/mydomain.com.key


Then restart the webserver

#/etc/init.d/httpd restart



0
 
LVL 31

Expert Comment

by:farzanj
ID: 35103135
Thanks.

Before closing, it is better if you post your solution, and accept it.
0
 
LVL 2

Author Comment

by:detox1978
ID: 35133407
I raised a delete request, so will have it removed and accept my answer.

Hopefully it will help someone.  
0
 
LVL 2

Author Closing Comment

by:detox1978
ID: 35171011
answer above
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month14 days, 8 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question