Solved

upload the ssl public key to Apache web server

Posted on 2016-09-22
6
36 Views
Last Modified: 2016-10-13
we are running our web server on windows , we have clients on various places , when we update the certificate we ask the customer to upload the new public key.

one of our customer is using apache server with php , where they might be able to find the certificate store on their server. and how they may upload the public key on their server. we have the certificate with PEM extension in addition to the room and intermediate certificate.

does any has simialr situation where they just use the public key only and have tips hwo to achieve that.

Thanks
0
Comment
Question by:OttAdmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 83 total points (awarded by participants)
ID: 41812984
First check if ssleay32.dll is somewhere in directory of apache, i.e if it has SSL support at all.
Then look fro conf.d/* for a line Listen 443
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 41812990
we are running our web server on windows , we have clients on various places , when we update the certificate we ask the customer to upload the new public key. Why?

one of our customer is using apache server with php , where they might be able to find the certificate store on their server. and how they may upload the public key on their server. we have the certificate with PEM extension in addition to the room and intermediate certificate.
Again why? What is the purpose of this?
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 83 total points (awarded by participants)
ID: 41813054
If you are using Cpanel ir similar to manage your sites by the user, they would need to upload the certificate there.
A secure site requires unique ip:port configuration such that if 443 is used, each secure site will need their own ip.

Not sure what would the reason for requesting any key from the client. For a secure connection/communication to work, your server must have both the private key and the certificate used to generate it.

It sounds more that what you are after is to secure communication between a secure site and a client by way of validating the client through a client based certificate which is what you are asking the client provid (a certificate without the inclusion of the private key, is the public key)

In such a situation, setting up an automatic process where a "client" is permitted to update the "authorized" person list vulnerable since a person would be in a position to upload as many certs as they want ........
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Assisted Solution

by:Dillyn Barber
Dillyn Barber earned 83 total points (awarded by participants)
ID: 41813137
If there is no cPanel or equivalent to they will have to do this manually. For starters, they need to make sure OpenSSL is installed too (applies to Windows and Linux) There is a full tutorial for setting up SSL on Apache with a Windows machine here:
http://rubayathasan.com/tutorial/apache-ssl-on-windows/

If your client attempts this on a Linux server they can follow:
https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

Which can be helpful for windows as well as it talks about adding it through Apache 2.4
0
 
LVL 33

Accepted Solution

by:
shalomc earned 251 total points (awarded by participants)
ID: 41813638
Tell them to look in their Apache configuration, either in httpd.conf or in an included file, for the lines containing the following keywords:

Server Certificate:        SSLCertificateFile
Server Private Key:       SSLCertificateKeyFile
Server CA Chain:      SSLCertificateChainFile

These point to PEM encoded files that can then be sent over to you.
You don't say which web server you run on Windows, so I assume it is IIS. IIS doesn't like PEM files, but loves pfx files. So you have to convert. You need ALL 3 files from above.

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Open in new window

0
 
LVL 33

Expert Comment

by:shalomc
ID: 41841650
No comment from author
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question