FAQs
Those might have popped-up in your mind.
Categories
How to deploy SSL Certificate in Windows Azure environment ?
Installation of SSL Certificate in Windows Azure environment is different. It requires a special password protected PFX file with Triple DES encryption. Please mention this requirement while placing request to us. We will send this special PFX file.
Installation steps are given on this Blog Post.
Tagged In
No Comments Yet.
While requesting Intranet SSL, should I generate CSR or just give certificate details ?
Good question.
It is always recommended to generate CSR on your web server and share with us. This is because the private key generated during the CSR generation remains on your server, within your premises.
On the other hand, if you give certificate details to us, we generate the CSR. It is called Auto-CSR. During this process, private key is generated on our machine. When we ship the Intranet SSL to you, we send the SSL certificate along with the private key. This method is slightly risky because the private key can be intercepted by someone when it is sent through email.
But generation of CSR for Intranet SSL poses some technical challenges. Reason is that modern browsers expect the CSR to have require SAN values correctly specified.
For example, if the Common Name is “abc.local” then the CN=abc.local and SAN value should be DNS=abc.local. But it is not easy to generate CSR with SAN values on Windows or Linux.
Another issue comes when the certificate is to be issued to an IP address. In this case SAN should have two values. They are DNS=[IP-address] and IP=[IP-Address].
If any of these SAN values are not specified while generating the CSR then browser gives 'Certificate not Trusted' error.
Of course, we have shared the steps to generate CSR with SAN values. Link is given below.
Tagged In
No Comments Yet.
How to Install and Configure SecureNT Intranet SSL Certificate on Your Apache Server ?
-
Copy the required certificate files to your server from the supplied zip file.
a. server.cer (File #1)
b. SecureNT CA-Bundle.cer (File #5)Copy these files, along with the .key file (Private Key) you generated when creating the CSR, to the directory on the server where you keep your certificate and key files. Use serverkey.cer (File #2, Private Key) when generated by SecureNT.
Note: Make them readable by root only to increase security. -
Find the Apache configuration file (httpd.conf) you need to edit.
The location and name of the configuration file can vary from server to server—especially if you're using a special interface to manage your server configuration.- Apache's main configuration file is typically named httpd.conf or apache2.conf. Possible locations for this file include /etc/httpd/ or /etc/apache2/. For a comprehensive listing of default installation layouts for Apache HTTPD on various operating systems and distributions, see Httpd Wiki - Distros Default Layout.
- Often, the SSL certificate configuration is located in a
block in a different configuration file. The configuration files may be under a directory like /etc/httpd/vhosts.d/, /etc/httpd/sites/, or in a file called httpd-ssl.conf.
One way to locate the SSL Configuration on Linux distributions is to search using grep, as shown in the example below. Run the following command:
grep -i -r "SSLCertificateFile" /etc/httpd/
Note: Make sure to replace /etc/httpd/ with the base directory of your Apache installation.
-
Configure the
block for the SSL-enabled site a. Below is a very simple example of a virtual host configured for SSL. The parts listed in blue are the parts you must add for SSL configuration.
<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html2
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/server.cer
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/SecureNT CA-Bundle.cer
</VirtualHost>
b. Make sure to adjust the file names to match your certificate files.
- SSLCertificateFile is your SecureNT certificate file (e.g., server.cer).
- SSLCertificateKeyFile is the .key file generated when you created the CSR (e.g., serverkey.cer or your_private.key).
-
SSLCertificateChainFile is the SecureNT CA certificate file Bundle (e.g., SecureNT CA-Bundle.cer)
Note: If the “SSLCertificateChainFile” directive does not work, try using the “SSLCACertificateFile” directive instead.
- Test your Apache configuration file before restarting.
As a best practice, check your Apache configuration file for any errors before restarting Apache.
Caution: Apache won't start again if your configuration files have syntax errors. Run the following command to test your configuration file (on some systems, it's apache2ctl):
apachectl configtest
- Restart Apache.
You can use
apachectl
commands to stop and start Apache with SSL support.apachectl stop apachectl start
Restart Notes:
If Apache doesn't restart with SSL support, try using apachectl startssl instead of apachectl start. If SSL support only loads with apachectl startssl, we recommend you adjust the apache startup configuration to include SSL support in the regular apachectl start command. Otherwise, your server may require to manually restart Apache using apachectl startssl in the event of a server reboot. This usually involves removing the <IfDefine SSL>
and </IfDefine>
tags that enclose your SSL configuration.
Congratulations! You've successfully installed your SSL certificate.
Tagged In
No Comments Yet.
Categories
Tags