Apache Redhat SSL Certificate Request and Installation (For Comodo)

Problem Description : 

How to install an SSL Certificate on Apache (RHEL 5) through Comodo

 

 

 Resolution : 

 

NOTE: This process uses a certificate exported from an IIS 7 server, meaning that you must have at least one current certificate (Windows) already installed on a server.

 

Moving an SSL certificate and key from Windows to Apache

 

Export to PFX file

 

1) Please start the Microsoft Management Console (MMC)

2) Add the Certificates Snap-in for the Computer account.

3) Under the Personal section of the MMC there should be a folder called "Certificates", open it.

4) Right-click on the SSL certificate you'd like to export (will be issued to *.gordonstate.edu - look at expiration date to make sure it is the correct one).

5) Hover over "All Tasks"; from here you should see the option to Export...

6) Go through the wizard and make sure you export the private key.

7) While going through the wizard, accept the defaults. Enter a password for the private key (remember the password because you will need it in the next steps).

8) Once you have dropped out of the wizard you should have a PFX file.

 

Import Private Key to an Apache readable format

 

1) Use the following OpenSSL command (in a terminal window on Redhat) to obtain both the private key and the SSL certificate in an Apache-readable format. You will be required to enter the password created in step #7 above. Because of the -nodes option, the private key is written to pfxoutput.txt unencrypted.

openssl pkcs12 -in mypkcs12.pfx -out pfxoutput.txt -nodes

 

2) Open pfxoutput.txt in a text editor.

3) Select all text between:

 

-----BEGIN RSA PRIVATE KEY-----

.........

-----END RSA PRIVATE KEY-----

 

and place this into a new file called: star_gordonstate_edu.key

4) Using the same file from Step #2, select everything between:

-----BEGIN CERTIFICATE-----

................

-----END CERTIFICATE-----

and place it into another file called: star_gordonstate_edu.crt

5) You have now successfully split the PFX file into the certificate and its private key.

6) Proceed to install the certificate as one would for Apache.
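
The manual copy-and-paste split described above can also be scripted. The following is an added example, not part of the original article: the function names and the sample file are assumptions, and the sample holds constructed placeholder text rather than real key material.

```shell
#!/bin/sh
# Split the text written by "openssl pkcs12 ... -nodes" into key and cert files.

# Print the first PEM block in file $1 whose label matches the ERE in $2.
extract_pem() {
    awk -v re="$2" '
        !inblk && $0 ~ ("^-----BEGIN " re "-----") { inblk = 1 }
        inblk { print }
        inblk && $0 ~ ("^-----END " re "-----") { exit }
    ' "$1"
}

# split_pfx_output PFXTXT KEYOUT CRTOUT
# Old OpenSSL labels the key "RSA PRIVATE KEY"; newer releases write "PRIVATE KEY".
# Only the first CERTIFICATE block is taken; confirm it with key_matches_cert.
split_pfx_output() {
    ( umask 077    # outputs are owner-only from the moment they are created
      extract_pem "$1" '(RSA )?PRIVATE KEY' > "$2"
      extract_pem "$1" 'CERTIFICATE' > "$3" )
    [ -s "$2" ] && [ -s "$3" ]    # non-zero status if either block was missing
}

# key_matches_cert KEY CRT: succeeds only if both carry the same RSA modulus.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Constructed sample input: the layout of pfxoutput.txt with placeholder bodies
# (not real key material), including the "Bag Attributes" lines openssl emits.
demo_dir=$(mktemp -d)
cat > "$demo_dir/pfxoutput.txt" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
-----BEGIN RSA PRIVATE KEY-----
constructed-placeholder-key-body
-----END RSA PRIVATE KEY-----
Bag Attributes
subject=/CN=*.example.test
-----BEGIN CERTIFICATE-----
constructed-placeholder-leaf-cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
constructed-placeholder-chain-cert
-----END CERTIFICATE-----
EOF
split_pfx_output "$demo_dir/pfxoutput.txt" "$demo_dir/star.key" "$demo_dir/star.crt"
```

On the real files, run key_matches_cert against star_gordonstate_edu.key and star_gordonstate_edu.crt before restarting Apache, and delete pfxoutput.txt once the split files are in place.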

 

Install the certificate on Apache

 

First, you will need to create a bundle file from the CRT files that are provided when you order the certificate.

 

1) In Windows command prompt navigate to the location of the unzipped certificate files

2) Run the command below to create a bundle file which will contain the Intermediate and Root Certificates (this just combines both the Intermediate and Root certs into one file). List the Intermediate Certificate first and then the Root Certificate.

 

cat ComodoRSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > ComodoCA.crt

 

*** Names could change in the future so match them up ***

 

3) Now, you have successfully created the Certificate Chain File (ComodoCA.crt) which will be used in the next steps along with the Certificate and private key files generated earlier (should have 3 files now).

4) Using Secure Shell (SSH), upload the three files to the following locations on the Apache host server:

 

Copy star_gordonstate_edu.crt to /etc/httpd/conf/ssl.crt

Copy ComodoCA.crt to /etc/httpd/conf/ssl.crt

Copy star_gordonstate_edu.key to /etc/httpd/conf/ssl.key

 

** You may need to create the ssl.crt and ssl.key folders **

 

5) Make all of these files readable by root only.

6) On the Apache host server, open /etc/httpd/conf.d/ssl.conf in a text editor. This file is the config file for SSL support.

7) Find the VirtualHost section for _default_:443.

 

<VirtualHost _default_:443>

 

8) Almost everything should already be set up in this file; however, make sure that the SSLEngine switch is set to on:

 

SSLEngine on

 

9) Next, in the ssl.conf file, find the line SSLCertificateFile /etc/pki/tls/certs/localhost.crt under the Server Certificate section. Comment this line out with #.

10) Add the following line right below the commented line from Step #9:

SSLCertificateFile /etc/httpd/conf/ssl.crt/star_gordonstate_edu.crt

11) Next, find the line SSLCertificateKeyFile /etc/pki/tls/private/localhost.key under the Server Private Key section. Comment this line out with # if it isn't already.

12) Add the following line right below the commented line from Step #11:

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/star_gordonstate_edu.key

13) Next, find the line SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt under the Server Certificate Chain section. Make sure this line is commented out with #.

14) Add the following line right below the commented line from Step #13:

SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ComodoCA.crt

15) This should be all you need to install the certificate. Save the ssl.conf file.

16) Restart Apache (apachectl restart)

17) Test https:// for the site in your browser.

 Revision Date : 9/20/2018