Procedure to Install a CERN SSL Host Certificate on Apache (SLC6)

  • Step 1 : Generate the certificates : cern.ch/ca
  • Step 2 : Download newcert.cer, privkey.pem, certchain.p7b
  • Step 3 : Copy newcert.cer and certchain.p7b to /etc/pki/tls/certs/ on your host
  • Step 4 : Copy privkey.pem to /etc/pki/tls/private/ on your host
  • Step 5 : Ensure the files have correct permissions

At this point you need to have apache and mod_ssl packages installed :

yum install httpd mod_ssl

  • Step 6 : Modify /etc/httpd/conf.d/ssl.conf
After the line “LoadModule ssl_module modules/mod_ssl.so”, add the line “TraceEnable Off”, then set the certificate directives as follows:

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/newcert.cer

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/privkey.pem

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convenience.
SSLCertificateChainFile /etc/pki/tls/certs/CERN-bundle.pem
  • Step 7 : Restart apache
service httpd restart

Procedure to Install a CERN SSL Host Certificate on Apache (SLC5)

  • Step 1 : Generate the certificates : cern.ch/ca
  • Step 2 : Download newcert.cer, privkey.pem, certchain.p7b
  • Step 3 : Copy newcert.cer and certchain.p7b to /etc/pki/tls/certs/ on your host
  • Step 4 : Copy privkey.pem to /etc/pki/tls/private/ on your host
  • Step 5 : Execute in /etc/pki/tls/certs/ : “openssl pkcs7 -print_certs -in certchain.p7b -out certchain.crt”
  • Step 6 : Ensure the files have correct permissions

At this point you need to have apache and mod_ssl packages installed :

yum install httpd mod_ssl
  • Step 7 : Modify /etc/httpd/conf.d/ssl.conf
After the line “LoadModule ssl_module modules/mod_ssl.so”, add the line “TraceEnable Off”, then set the certificate directives as follows:

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/newcert.cer

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/privkey.pem

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convenience.
SSLCertificateChainFile /etc/pki/tls/certs/CERN-bundle.pem
  • Step 8 : Restart apache
service httpd restart
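
The script below covers the "correct permissions" step and the certificate/key pairing for both the SLC6 and SLC5 procedures above, and is meant to be run before the restart step. It is an added example, not part of the original procedure: the function names are hypothetical, "correct permissions" is assumed to mean a private key with no group/other access, and it assumes a PEM certificate, an unencrypted RSA key and GNU stat.

```shell
#!/bin/sh
# Added example: checks to run before restarting httpd.
# Paths are the ones used on this page; function names are hypothetical.
CERT=${CERT:-/etc/pki/tls/certs/newcert.cer}
KEY=${KEY:-/etc/pki/tls/private/privkey.pem}

# True if the file exists and grants no access to group or other
# (assumed meaning of "correct permissions" for the private key).
key_perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        0|[0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the certificate and the private key share the same RSA modulus,
# i.e. the certificate was issued for this key. Assumes an unencrypted RSA key.
cert_matches_key() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Runs all checks; prints the first failure to stderr and returns non-zero.
preflight() {
    if ! key_perms_ok "$KEY"; then
        echo "FAIL: $KEY is missing or accessible by group/other" >&2; return 1
    fi
    if ! cert_matches_key "$CERT" "$KEY"; then
        echo "FAIL: $CERT does not match $KEY" >&2; return 1
    fi
    if ! openssl x509 -in "$CERT" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $CERT has expired" >&2; return 1
    fi
    echo "OK: key permissions, key/certificate match, certificate not expired"
}

# Run the checks only when called as: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

A mismatched key and certificate is a common reason for httpd failing to start after the restart step, so running the check first avoids taking the site down on a bad copy.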
Topic revision: r2 - 2014-09-09 - MatthiasSchroeder
 