Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

upload the ssl public key to Apache web server

Posted on 2016-09-22
6
Medium Priority
?
42 Views
Last Modified: 2016-10-13
we are running our web server on windows , we have clients on various places , when we update the certificate we ask the customer to upload the new public key.

one of our customer is using apache server with php , where they might be able to find the certificate store on their server. and how they may upload the public key on their server. we have the certificate with PEM extension in addition to the room and intermediate certificate.

does any has simialr situation where they just use the public key only and have tips hwo to achieve that.

Thanks
0
Comment
Question by:OttAdmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 332 total points (awarded by participants)
ID: 41812984
First check if ssleay32.dll is somewhere in directory of apache, i.e if it has SSL support at all.
Then look fro conf.d/* for a line Listen 443
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 41812990
we are running our web server on windows , we have clients on various places , when we update the certificate we ask the customer to upload the new public key. Why?

one of our customer is using apache server with php , where they might be able to find the certificate store on their server. and how they may upload the public key on their server. we have the certificate with PEM extension in addition to the room and intermediate certificate.
Again why? What is the purpose of this?
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 332 total points (awarded by participants)
ID: 41813054
If you are using Cpanel ir similar to manage your sites by the user, they would need to upload the certificate there.
A secure site requires unique ip:port configuration such that if 443 is used, each secure site will need their own ip.

Not sure what would the reason for requesting any key from the client. For a secure connection/communication to work, your server must have both the private key and the certificate used to generate it.

It sounds more that what you are after is to secure communication between a secure site and a client by way of validating the client through a client based certificate which is what you are asking the client provid (a certificate without the inclusion of the private key, is the public key)

In such a situation, setting up an automatic process where a "client" is permitted to update the "authorized" person list vulnerable since a person would be in a position to upload as many certs as they want ........
0
Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

 
LVL 2

Assisted Solution

by:Dillyn Barber
Dillyn Barber earned 332 total points (awarded by participants)
ID: 41813137
If there is no cPanel or equivalent to they will have to do this manually. For starters, they need to make sure OpenSSL is installed too (applies to Windows and Linux) There is a full tutorial for setting up SSL on Apache with a Windows machine here:
http://rubayathasan.com/tutorial/apache-ssl-on-windows/

If your client attempts this on a Linux server they can follow:
https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

Which can be helpful for windows as well as it talks about adding it through Apache 2.4
0
 
LVL 33

Accepted Solution

by:
shalomc earned 1004 total points (awarded by participants)
ID: 41813638
Tell them to look in their Apache configuration, either in httpd.conf or in an included file, for the lines containing the following keywords:

Server Certificate:        SSLCertificateFile
Server Private Key:       SSLCertificateKeyFile
Server CA Chain:      SSLCertificateChainFile

These point to PEM encoded files that can then be sent over to you.
You don't say which web server you run on Windows, so I assume it is IIS. IIS doesn't like PEM files, but loves pfx files. So you have to convert. You need ALL 3 files from above.

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Open in new window

0
 
LVL 33

Expert Comment

by:shalomc
ID: 41841650
No comment from author
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you …
As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question