Install a certificate on Apache release 1 OVH (RH 7.2 standard)
You received your certificate by email with one or several intermediate certificates and a root certificate. Keep this email within reach.1- Retrieve your certificate(s) on your server
Go back where the private key has been generated, for example:cd /usr/local/apache/conf/ssl.crtIn the delivery email you'll find several links. Click on them and download the associated files:
- A: your server certificate
- B: the certification chain
2- Configure Apache
Edit the configuration file of your Apache:/usr/local/apache/conf/httpd.confIf you only have one certificate installed on this machine, locate the section beginning with:
<VirtualHost _default_:443>In order to serve your content, edit as you wish the lines: DocumentRoot and ServerName
and edit the following instructions to make them point to your files:
# Your server certificate (A) SSLCertificateFile /usr/local/apache/conf/ssl.crt/cert-0000000000-1234.cer # Your private key (initially generated) SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.exemple.com.key # SSL/TLS configuration # 128-bit maximum security SSLCipherSuite !EDH:!RC4:!ADH:!DSS:HIGH:+AES128:+AES256-SHA256:+AES128-SHA256:+SHA:!3DES:!NULL:!aNULL:!eNULL SSLProtocol all -SSLv2 -SSLv3For the certification chain (file B), add:
SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/chain-0000000000-1234.txtSee SSLCertificateChainFile
3- Edit the Apache start function
Make sure your server has been configured to use SSL. To do so, edit the file:/etc/sysconfig/apacheand make sure the line
OPTIONS="-DSSL"is not commented (it is by default, remove the comment).
4- Restart Apache and run a test
Once setted up, restart the Apache server./etc/rc.d/init.d/httpd restartIf it does not restart, verify the SSL log in /var/log/httpd/ to find the mistake.
Check the access of your website's secured pages with IE 6 and Firefox.
External links
Sum up example
<VirtualHost 192.2.0.20:443> DocumentRoot "/home/virtual/www" ServerName www.virtualhost.com SSLEngine on SSLCipherSuite !EDH:!RC4:!ADH:!DSS:HIGH:+AES128:+AES256-SHA256:+AES128-SHA256:+SHA:!3DES:!NULL:!aNULL:!eNULL SSLProtocol ALL -SSLv2 -SSLv3 SSLCertificateFile "/usr/local/apache/conf/ssl.crt/www.virtualhost.com.crt" SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/www.virtualhost.com.key" SSLCertificateChainFile "/usr/local/apache/conf/ssl.crt/thawteintermediate.crt" </VirtualHost>
Last edited on 11/24/2020 15:33:57 --- [search]