Solved

upload the ssl public key to Apache web server

Posted on 2016-09-22
6
27 Views
Last Modified: 2016-10-13
we are running our web server on windows , we have clients on various places , when we update the certificate we ask the customer to upload the new public key.

one of our customer is using apache server with php , where they might be able to find the certificate store on their server. and how they may upload the public key on their server. we have the certificate with PEM extension in addition to the room and intermediate certificate.

does any has simialr situation where they just use the public key only and have tips hwo to achieve that.

Thanks
0
Comment
Question by:OttAdmin
6 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 83 total points (awarded by participants)
ID: 41812984
First check if ssleay32.dll is somewhere in directory of apache, i.e if it has SSL support at all.
Then look fro conf.d/* for a line Listen 443
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 41812990
we are running our web server on windows , we have clients on various places , when we update the certificate we ask the customer to upload the new public key. Why?

one of our customer is using apache server with php , where they might be able to find the certificate store on their server. and how they may upload the public key on their server. we have the certificate with PEM extension in addition to the room and intermediate certificate.
Again why? What is the purpose of this?
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 83 total points (awarded by participants)
ID: 41813054
If you are using Cpanel ir similar to manage your sites by the user, they would need to upload the certificate there.
A secure site requires unique ip:port configuration such that if 443 is used, each secure site will need their own ip.

Not sure what would the reason for requesting any key from the client. For a secure connection/communication to work, your server must have both the private key and the certificate used to generate it.

It sounds more that what you are after is to secure communication between a secure site and a client by way of validating the client through a client based certificate which is what you are asking the client provid (a certificate without the inclusion of the private key, is the public key)

In such a situation, setting up an automatic process where a "client" is permitted to update the "authorized" person list vulnerable since a person would be in a position to upload as many certs as they want ........
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 2

Assisted Solution

by:Dillyn Barber
Dillyn Barber earned 83 total points (awarded by participants)
ID: 41813137
If there is no cPanel or equivalent to they will have to do this manually. For starters, they need to make sure OpenSSL is installed too (applies to Windows and Linux) There is a full tutorial for setting up SSL on Apache with a Windows machine here:
http://rubayathasan.com/tutorial/apache-ssl-on-windows/

If your client attempts this on a Linux server they can follow:
https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

Which can be helpful for windows as well as it talks about adding it through Apache 2.4
0
 
LVL 33

Accepted Solution

by:
shalomc earned 251 total points (awarded by participants)
ID: 41813638
Tell them to look in their Apache configuration, either in httpd.conf or in an included file, for the lines containing the following keywords:

Server Certificate:        SSLCertificateFile
Server Private Key:       SSLCertificateKeyFile
Server CA Chain:      SSLCertificateChainFile

These point to PEM encoded files that can then be sent over to you.
You don't say which web server you run on Windows, so I assume it is IIS. IIS doesn't like PEM files, but loves pfx files. So you have to convert. You need ALL 3 files from above.

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Open in new window

0
 
LVL 33

Expert Comment

by:shalomc
ID: 41841650
No comment from author
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you …
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question