Additions:
>>[[http://www.sslshopper.com/ssl-checker.html SSL checker]]
http://www.petefreitag.com/item/16.cfm
http://www.petefreitag.com/item/16.cfm
Deletions:
Additions:
first buy a wildcard or normal ssl certificate pfx file from an ssl reseller
ps you might not need the intermediate SSLCertificateChainFile line but you will if you are getting any of these error messages
The certificate is not trusted because no issuer chain was provided.
Unable to locally verify the issuer's authority.
(Error code: sec_error_unknown_issuer)
ps you might not need the intermediate SSLCertificateChainFile line but you will if you are getting any of these error messages
The certificate is not trusted because no issuer chain was provided.
Unable to locally verify the issuer's authority.
(Error code: sec_error_unknown_issuer)
Deletions:
Additions:
[[http://www.novell.com/support/viewContent.do?externalId=7004039&sliceId=1 novell howto split a pfx]]
[[https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO16226 rapidssl intermediate certs]]
extract certificate from pfx to key and pem cert
$ openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out mysslsite.crt
extract key from pfx
then remove pass phrase so apache httpd doesnt ask for it !
$ openssl rsa -in key.pem -out mysslsite.key
=====apache httpd conf=====
copy crt key and any intermediate certificates to the /etc/pki/tls/subdirs
and add SSL lines to your apache httpd conf file
SSLCertificateFile /etc/pki/tls/certs/mysslsite.crt
SSLCertificateKeyFile /etc/pki/tls/private/mysslsite.key
SSLCertificateChainFile /etc/pki/tls/certs/my-ssl-resellers-intermediate.crt
ps you might not need the intermediate SSLCertificateChainFile line
[[https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO16226 rapidssl intermediate certs]]
extract certificate from pfx to key and pem cert
$ openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out mysslsite.crt
extract key from pfx
then remove pass phrase so apache httpd doesnt ask for it !
$ openssl rsa -in key.pem -out mysslsite.key
=====apache httpd conf=====
copy crt key and any intermediate certificates to the /etc/pki/tls/subdirs
and add SSL lines to your apache httpd conf file
SSLCertificateFile /etc/pki/tls/certs/mysslsite.crt
SSLCertificateKeyFile /etc/pki/tls/private/mysslsite.key
SSLCertificateChainFile /etc/pki/tls/certs/my-ssl-resellers-intermediate.crt
ps you might not need the intermediate SSLCertificateChainFile line
Deletions:
convert pfx to key and pem cert
$ openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out cert.crt
remove pass phrase so apache httpd doesnt ask for it !
$ openssl rsa -in key.pem -out cert.key
Additions:
The Personal Information Exchange format (PFX, also called PKCS #12) supports secure storage of certificates, private keys, and all certificates in a certification path.
Additions:
convert pfx to key and pem cert
$ openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out cert.crt
$ openssl rsa -in key.pem -out cert.key
$ openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out cert.crt
$ openssl rsa -in key.pem -out cert.key
Deletions:
$ openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out cert.pem
$ openssl rsa -in key.pem -out key.key
