
cbtshare 06-15-2010 12:16 AM

Ssl installation
 
Good day,

I am trying to install an SSL certificate on my server. It is apache2, but I can't find the folders in which to install them.

E.g
ssl.key/
ssl.crt/

What should I do to get it?

bathory 06-15-2010 01:05 AM

Hi,

If they don't exist, you can create them. You can take a look at this howto to see how to create a self-signed certificate for apache

Regards

subho.d 06-15-2010 09:07 AM

Install openssl, then go to /etc/pki/tls/certs to create ...

cbtshare 06-16-2010 07:44 PM

Quote:

Originally Posted by bathory (Post 4003833)
Hi,

If they don't exist, you can create them. You can take a look at this howto to see how to create a self-signed certificate for apache

Regards

Thank you. But I am trying to install a godaddy SSL cert. I had it on a cpanel server, but that server crashed and now I have a newly installed server without cpanel, so can I just put back those files on the server and it works?

I have downloaded from godaddy:

gd_bundle.crt
mydomainname.crt

Also, openssl is already installed. I did yum install openssl, and it said it was already there.

bathory 06-17-2010 01:15 AM

Hi,

It's not going to work. You need a server key, created for the specific server. Based on that key you have to do a CSR (Certificate Request) to your provider, to create the certificate for your server.
So I guess you should contact godaddy support for this.

Regards

cbtshare 06-18-2010 09:45 AM

So what am I to do? I don't see the server.crt anywhere on the server. Openssl is already installed.

bathory 06-18-2010 10:16 AM

Hi,

You have a certificate (mydomainname.crt) but you don't have the key. And even if you have the key, it's not going to work, or it will work with lots of warnings (that it's not issued for the specific server).

You have to create a key for your new server (see the link in my 1st post).
Based on that key you have to generate a CSR (again see the link above) and send it to godaddy, so it provides you with a new certificate.

Regards

cbtshare 06-19-2010 05:11 AM

Ok thanks, I might be getting closer, but now when I try to view my site https: I get:

RSA server certificate CommonName (CN) `www.domain.net' does NOT match server name!?

This is in my httpd.conf

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain.net.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
<Directory /var/www/>
AllowOverride All
</Directory>
DocumentRoot /var/www
ServerName www.domain.net
</VirtualHost>

bathory 06-19-2010 08:53 AM

You can run:
Code:

openssl x509 -noout -subject -in /etc/pki/tls/certs/domain.net.crt
and see if the common name (CN) matches the server name of your vhost.

cbtshare 06-19-2010 02:01 PM

Thank you, I did and I got :

subject= /O=www.domain.net/OU=Domain Control Validated/CN=www.domain.net, which is the same as my virtual host in httpd.conf, but it still doesn't work

bathory 06-19-2010 05:42 PM

Hi,

Maybe you also have to add the chain file
Quote:

SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
Anyway, the only way to check if this key was used to issue the certificate you're using is to compare the modulus. Check if the output of the following commands is the same:
Code:

openssl x509 -noout -modulus -in /etc/pki/tls/certs/domain.net.crt
openssl rsa -noout -modulus -in /etc/pki/tls/private/server.key
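
An added example, not part of the original thread: the two checks discussed above (does the key belong to the certificate, does the certificate cover the vhost's ServerName) as one script. It goes slightly beyond the modulus comparison by comparing the full public key, which also works for non-RSA keys; the function names, file names and www.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, file names and host names are constructed.

# Public key (PEM) embedded in a certificate; works for RSA and EC alike.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key file.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Exit 0 only if both files parse and carry the same public key.
cert_matches_key() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 if the certificate is valid for the given host name (the ServerName).
# The printed verdict is parsed because the exit status is not relied on here.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# One-line verdict for a cert/key/host triple.
check_pair() {
    if ! cert_matches_key "$1" "$2"; then echo "KEY MISMATCH"
    elif ! cert_covers_host "$1" "$3"; then echo "NAME MISMATCH"
    else echo "OK"
    fi
}

# Constructed sample material: a throwaway self-signed certificate for
# www.example.test, its key, and an unrelated key. Prints the temp directory.
make_samples() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$dir/server.key" -out "$dir/site.crt" 2>/dev/null || return 1
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

d=$(make_samples) || exit 1
check_pair "$d/site.crt" "$d/server.key" www.example.test   # OK
check_pair "$d/site.crt" "$d/other.key"  www.example.test   # KEY MISMATCH
check_pair "$d/site.crt" "$d/server.key" www1.example.test  # NAME MISMATCH
rm -rf "$d"
```

On a real server, pass the SSLCertificateFile, SSLCertificateKeyFile and ServerName values from the vhost to check_pair instead of the generated samples.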


cbtshare 06-19-2010 08:56 PM

I have a proxy setup, so does that matter? I will install the cert on both servers. But how I test is I shut down apache on the 2nd server and test.

Maybe I should put www1.domain.net as the server name?

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain.net.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
<Directory /var/www/>
AllowOverride All
</Directory>
DocumentRoot /var/www
ServerName www1.domain.net
</VirtualHost>

cbtshare 06-20-2010 04:33 AM

I think I am getting somewhere guys, thanks so far, but now I get :

Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.15 (EL) Server at www1.domain.net Port 443

when I go https://www1.domain.net

Don't understand why I get that. Below is the vhost for the domain which works and the SSL which doesn't. I am installing this cert on www1 first, and as a test I go www1.domain.net

Code:

<VirtualHost *>
    ServerName domain.net
    ServerAlias www.domain.net
    DocumentRoot /var/www
    ServerAdmin support@domain.net
    <IfModule mod_suphp.c>
        suPHP_UserGroup nobody nobody
    </IfModule>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</VirtualHost>


<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/domain.net.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server.key
    <Directory /var/www/>
        AllowOverride All
    </Directory>
    DocumentRoot /var/www
    ServerName domain.net
</VirtualHost>


bathory 06-20-2010 09:11 AM

I don't see any www1.domain.net vhost in your last post, but there is one in the previous post.
Anyway, about the "Forbidden" error, it could be that you don't have an index page, or the DocumentRoot does not have the execute bit on, etc. Looking at error_log could help you identify the problem.

cbtshare 06-22-2010 02:02 AM

I have this in my httpd ...:

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain.net.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
ServerName domain.net
ServerAlias www.domain.net
<Directory /var/www/>
AllowOverride All
</Directory>
DocumentRoot /var/www
ServerAdmin support@domain.net
<IfModule mod_suphp.c>
suPHP_UserGroup nobody nobody
</IfModule>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</VirtualHost>

I am still getting this error:

[Tue Jun 22 05:39:26 2010] [error] [client 198.96.35.78] Directory index forbidden by Options directive: /var/www/html/
[Tue Jun 22 05:39:26 2010] [error] [client 198.96.35.78] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /var/www/error/noindex.html


But my index is in the cgi-bin, not in /var/www/html/

Any help please?


All times are GMT -5.