LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-19-2014, 09:57 AM   #1
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 543

Rep: Reputation: Disabled
Set up a SSL secured Centos/Apache webserver


I am trying to set up a SSL secured Centos webserver with Apache.

I have created the following per http://wiki.centos.org/HowTos/Https.
  • /etc/pki/tls/certs/ca.crt (My certificate)
  • /etc/pki/tls/private/ca.key (My private key)
  • /etc/pki/tls/private/ca.csr (what is this?)

ssl.conf has the following:
  • SSLCertificateFile (I will set to /etc/pki/tls/certs/ca.crt)
  • SSLCertificateKeyFile (I will set to /etc/pki/tls/private/ca.key)
  • SSLCACertificateFile (what do I do with this?)

What is /etc/pki/tls/private/ca.csr and SSLCACertificateFile used for?

Thanks
 
Old 03-19-2014, 10:09 AM   #2
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,138
Blog Entries: 4

Rep: Reputation: 147Reputation: 147
1.You are trying to deploy self-signed certificate or certificate signed by a certificate authority?

If you are trying to deploy self-signed certificate you dont require file eding with csr (in your case ca.csr)

2. For having a certificate signed by a certificate authority :

You need to create CSR and when you create csr a private key is created.

So you have ca.key and ca.csr on your server.

You send ca.csr to CA like Verisign or Thwate or other

CA provides your ca.crt i.e certificate. (Note : There is CRT also contains Intermediate certificate)


SSLCertificateFile should be your DigiCert certificate file (eg. your_domain_name.crt).
SSLCertificateKeyFile should be the key file generated when you created the CSR.
SSLCertificateChainFile should be the DigiCert intermediate certificate file (DigiCertCA.crt)
 
Old 03-19-2014, 10:56 AM   #3
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 543

Original Poster
Rep: Reputation: Disabled
Thanks Prayag, I think that makes sense.

So, I should use SSLCertificateChainFile and not SSLCACertificateFile?
 
Old 03-19-2014, 11:06 AM   #4
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,138
Blog Entries: 4

Rep: Reputation: 147Reputation: 147
Please let us know :

1.You are trying to deploy self-signed certificate or certificate signed by a certificate authority?
 
Old 03-19-2014, 11:40 AM   #5
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 543

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by prayag_pjs View Post
Please let us know :

1.You are trying to deploy self-signed certificate or certificate signed by a certificate authority?
Oh, sorry.

For now, self-signed, later signed by a CA.

Really, just trying to learn right now.
 
Old 03-19-2014, 12:08 PM   #6
kirukan
Senior Member
 
Registered: Jun 2008
Location: Eelam
Distribution: Redhat, Solaris, Suse
Posts: 1,272

Rep: Reputation: 148Reputation: 148
Quote:
If you are trying to deploy self-signed certificate you dont require file eding with csr (in your case ca.csr)
Is this above statement correct?

Without .csr how you generate your certificate ??

for further reference
http://www.akadia.com/services/ssh_t...rtificate.html

Last edited by kirukan; 03-19-2014 at 12:09 PM.
 
Old 03-19-2014, 01:04 PM   #7
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,138
Blog Entries: 4

Rep: Reputation: 147Reputation: 147
Creating the self-signed SSL certificate and the server key

Code:
#openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
Use only below two options for Self Signed Certificate :

Code:
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key

Last edited by prayag_pjs; 03-19-2014 at 01:05 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How to set up a secure Apache webserver on Ubuntu LXer Syndicated Linux News 0 11-27-2013 02:10 PM
SSL Library Error: -8181 Certificate has expired in centos webserver SarahGurung Linux - Newbie 5 09-24-2012 01:32 PM
[SOLVED] Linux Centos with apache webserver rewards Linux - Newbie 5 12-28-2010 12:11 AM
public webserver apache on CentOS 5.3 in Xen Enviroment strubbldesign Linux - Server 1 08-19-2009 09:08 AM
Apache SSL Set Up Woes javachump Slackware 2 09-07-2006 07:30 AM


All times are GMT -5. The time now is 07:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration