Install SwissSign SSL Server Certificate in Apache
Views: 696
Install Apache (Ubuntu)
Install and enable Apache and SSL module on your computer, i.e. on Ubuntu:
-
sudo apt-get install apache2
If SSL is not yet enabled, (i.e. file /etc/apache2/mods-enabled/ssl.load
does not exist or is not a link to /etc/apache2/mods-available/ssl.load
), enable the ssl module:
-
sudo a2enmod ssl
Enable the default SSL configuration, this links the existing file /etc/apache2/sites-available/default-ssl
to /etc/apache2/sites-enabled/default-ssl
(if on your system, the example configuration has another name, just use that instead of default-ssl
):
-
sudo a2ensite default-ssl
Configure Apache
Edit the configuration file, e.g. /etc/apache2/sites-enabled/default-ssl
:
Change the following lines (use your certificate filename instead of filename
):
Old Value |
---|
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem |
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key |
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt |
New Value |
SSLCertificateFile /etc/ssl/certs/filename.pem |
SSLCertificateKeyFile /etc/ssl/private/filename.key |
SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt |
Install Certificate and Key
If you download you certificate from http://SwissSign.com, it is a *.p12
-file (in PKCS#12 format). For Installation in Apache you need to split it into a key and certificate file.
In this tutorial, the filename of the downloaded certificate is filename.p12.
Get the plain keyfile (without password encryption) and the certificate from the PKCS#12 file:
-
openssl pkcs12 -in filename.p12 -out filename.key -nodes -nocerts
-
openssl pkcs12 -in filename.p12 -out filename.pem -nodes -nokeys -clcerts
-
openssl pkcs12 -in filename.p12 -out server-ca.crt -nodes -nokeys -cacerts
Move the files into the Apache configuration:
-
sudo mv filename.pem /etc/ssl/certs/
-
sudo mv filename.key /etc/ssl/private/
-
sudo mkdir /etc/apache2/ssl.crt/
-
sudo mv server-ca.crt /etc/apache2/ssl.crt/
Reload Apache – Done!
Reload the apache configuration and you’re already done:
-
sudo service apache2 reload
Remember: OpenSSL Certificate Conversions
- Extract Client Certificate File from PKCS#12 File:
openssl pkcs12 -in filename.p12 -out filename.pem -nodes -nokeys -clcerts
- Extract CA Certificate File from PKCS#12 File:
openssl pkcs12 -in filename.p12 -out filename.pem -nodes -nokeys -cacerts
- Extract Key File from PKCS#12 File:
openssl pkcs12 -in filename.p12 -out filename.key -nodes -nocerts
- Extract Password Encrypted Key File from PKCS#12 File:
openssl pkcs12 -in filename.p12 -out filename.pem -nocerts
- Change PKCS#12 Password:
openssl pkcs12 -in old-filename.p12 -nodes > x && openssl pkcs12 -export -in x -out new-filename.p12; rm x
- Generate PKCS#12 File from Key and Certificate Files:
openssl pkcs12 -export -in filename.pem -inkey filename.key -out filename.p12
- Download certificate with Certificate Encoding PEM, deselect PKCS#7 Format and select Include Certificate Chain.