LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-28-2015, 01:05 PM   #1
Toasterman
Member
 
Registered: Oct 2013
Posts: 77

Rep: Reputation: Disabled
Install certificate


Hello,
Our business is supposed to install a few certificates in order to be able to communicate with Authorize.net. However, there is no indication of how to actually install these certificates. I've installed apache SSL certs before but this looks completely different.

This is the document I found:
http://community.developer.authorize...015/ba-p/50430

I am using a 32-bit Fedora server.
Please help as this is important for financial reasons.
 
Old 05-28-2015, 03:52 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,579
Blog Entries: 14

Rep: Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969
32 bit Fedora? How old is that system?

Anyway as implied by the link you included where to install the certificates is dependent on what is making the connection. e.g. You might need to install it for your systems' curl setup if you had a curl script making the connection or you might need it in your Java keystore if a Java jar file (e.g. a Jboss process) was making the connection or you might need both or you might need it in other tools.

So the first question is what is actually making the connection from your system to the remote?

Luckily there is actually discussion of how to apply the certificates to different locations as another link at the site you linked:
http://www.entrust.net/knowledge-bas...te.cfm?tn=8863

That in turn has links talking about how to install for Java keystore, OpenSSL or other.
 
Old 05-29-2015, 04:18 AM   #3
RMLinux
Member
 
Registered: Jul 2006
Posts: 260

Rep: Reputation: 37
In generating a certificate in my experience I am using keytool or openssl.

1. generate your private key
2. generate a csr on that private key
3. submit the .csr in your certificate authority (CA) ex. digicert, verisign, entrust etc..etc..
4. you can download or they can email you your signed certificates.

how to install in apache?
Some CA they will tell you to download their INTERMEDIATE CA. (this are the cert that verified your certificate if authentic or not)
5. you have to download the INTERMEDIATE CA in your CA company.

then install in apache..
in my case this is my configuration to RHEL 4 :-) MY REDHAT IS TOO OLD :-).

edit: /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/conf/ssl.crt/signedcert.crt --------------> STEP #4
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/yourprivatekey.key -------->STEP #1
SSLCACertificateFile /etc/httpd/conf/ssl.crt/intermediate.crt ----------->STEP #5

THIS IS HOW YOU GENERATE SHA2...
https://armantutorial.wordpress.com/...256-signature/
AVOID SHA1 NOW...

THIS ARE THE COMMANDS TO CONVERT YOUR CERTIFICATE IN DIFFERENT FORMAT
https://armantutorial.wordpress.com/...nother-format/

HOPE THIS WILL HELP YOU..

SEE THIS IN YOUR LINK ON ENTRUST.NET IN YOUR POST SO I DISCOURAGE YOU TO USE SHA1...ALSO YOU DISABLE SSLV3 IN YOUR APACHE CONFIGURATION DUE TO POODLE ATTACH JUST USE TLSXX

The upgrade to SHA-2 conforms to a change among server and browser manufacturers to deprecate use of SHA-1:
Microsoft announced in late 2013 that they would no longer accept SHA-1 signed certificates which expire after January 1, 2017:
In September 2014 Google announced that the Chrome browser would gradually depreciate SHA-1 support, and would also reject SHA-1 signed certificates which expire after January 1, 2017. In addition, SHA-1 signed certificates which expire in 2016 would be flagged as secure but with errors.
Also in September 2014, Mozilla announced that they would also reject SHA-1 signed certificates that expire after January 1, 2017. Mozilla is the basis of a family of browsers, the most well-known being Mozilla Firefox.

Last edited by RMLinux; 05-29-2015 at 04:25 AM.
 
Old 06-03-2015, 11:36 PM   #4
RMLinux
Member
 
Registered: Jul 2006
Posts: 260

Rep: Reputation: 37
Is this SOLVED? :-)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] The certificate is expired. Please ensure you have the correct certificate and your s manalisharmabe Linux - General 6 09-09-2013 01:51 PM
Verify return code: 19 (self signed certificate in certificate chain) tikit Linux - Server 1 04-10-2012 06:21 PM
[SOLVED] how can i install a .pfx certificate? hakeemtunde Ubuntu 4 07-13-2011 08:25 AM
Building a certificate chain from the certificate using openSSL aravinda78 Linux - Security 1 11-10-2008 02:51 AM
Can I retrieve certificate expiry date from an openssl certificate (command line) davee Linux - Security 1 07-21-2006 11:28 AM


All times are GMT -5. The time now is 04:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration