Configuring Apache server configuration file providing SSL support

1) Get a host certificate

• If it is your personal machine:
  • Go to http://ca.cern.ch, sign in with your user certificate and request a host certificate. Server certificate and server private key will be generated.
  • Put the server certificate and server private key in /etc/grid-security/
• If it is in the dashboard cluster, ask the dashboard admin. The admin will do 'host-certificate-request' from lxvoadm

yum install ca_CERN-Root

3) As a root, modify the file /etc/httpd/conf.d/ssl.conf to point to your certificate. In particular you need to have the following lines:

SSLCertificateFile /etc/grid-security/yourcertificate.pem

SSLCertificateKeyFile /etc/grid-security/privkey.pem

SSLCACertificatePath /etc/grid-security/certificates

Check to see if it is working at this point. If you have problems you might need to perform the following additional steps:

1. Verify the certificate chains:

openssl verify -CApath /etc/grid-security/certificates/ /etc/grid-security/certificate.pem

You might need to verify your user certificate as well. If you get "error 20 at 0 depth lookup" error, you can go to /afs/cern.ch/alice/alien2/pro/globus/share/certificates/ and copy the necessary files into /etc/grid-security/certificates/.

2. Add the following line (if it's not there already) to the ssl.conf file.

SSLOptions +StdEnvVars +ExportCertData

-- PabloSaiz - 20-Jul-2010