Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

upload the ssl public key to Apache web server

Posted on 2016-09-22
6
Medium Priority
?
47 Views
Last Modified: 2016-10-13
we are running our web server on windows , we have clients on various places , when we update the certificate we ask the customer to upload the new public key.

one of our customer is using apache server with php , where they might be able to find the certificate store on their server. and how they may upload the public key on their server. we have the certificate with PEM extension in addition to the room and intermediate certificate.

does any has simialr situation where they just use the public key only and have tips hwo to achieve that.

Thanks
0
Comment
Question by:OttAdmin
6 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 332 total points (awarded by participants)
ID: 41812984
First check if ssleay32.dll is somewhere in directory of apache, i.e if it has SSL support at all.
Then look fro conf.d/* for a line Listen 443
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 41812990
we are running our web server on windows , we have clients on various places , when we update the certificate we ask the customer to upload the new public key. Why?

one of our customer is using apache server with php , where they might be able to find the certificate store on their server. and how they may upload the public key on their server. we have the certificate with PEM extension in addition to the room and intermediate certificate.
Again why? What is the purpose of this?
0
 
LVL 80

Assisted Solution

by:arnold
arnold earned 332 total points (awarded by participants)
ID: 41813054
If you are using Cpanel ir similar to manage your sites by the user, they would need to upload the certificate there.
A secure site requires unique ip:port configuration such that if 443 is used, each secure site will need their own ip.

Not sure what would the reason for requesting any key from the client. For a secure connection/communication to work, your server must have both the private key and the certificate used to generate it.

It sounds more that what you are after is to secure communication between a secure site and a client by way of validating the client through a client based certificate which is what you are asking the client provid (a certificate without the inclusion of the private key, is the public key)

In such a situation, setting up an automatic process where a "client" is permitted to update the "authorized" person list vulnerable since a person would be in a position to upload as many certs as they want ........
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 2

Assisted Solution

by:Dillyn Barber
Dillyn Barber earned 332 total points (awarded by participants)
ID: 41813137
If there is no cPanel or equivalent to they will have to do this manually. For starters, they need to make sure OpenSSL is installed too (applies to Windows and Linux) There is a full tutorial for setting up SSL on Apache with a Windows machine here:
http://rubayathasan.com/tutorial/apache-ssl-on-windows/

If your client attempts this on a Linux server they can follow:
https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

Which can be helpful for windows as well as it talks about adding it through Apache 2.4
0
 
LVL 33

Accepted Solution

by:
shalomc earned 1004 total points (awarded by participants)
ID: 41813638
Tell them to look in their Apache configuration, either in httpd.conf or in an included file, for the lines containing the following keywords:

Server Certificate:        SSLCertificateFile
Server Private Key:       SSLCertificateKeyFile
Server CA Chain:      SSLCertificateChainFile

These point to PEM encoded files that can then be sent over to you.
You don't say which web server you run on Windows, so I assume it is IIS. IIS doesn't like PEM files, but loves pfx files. So you have to convert. You need ALL 3 files from above.

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Open in new window

0
 
LVL 33

Expert Comment

by:shalomc
ID: 41841650
No comment from author
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question