Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: dessex on October 28, 2004, 08:07:40 AM

Title: Apache Config and SSL Certificate from CA
Post by: dessex on October 28, 2004, 08:07:40 AM

I have a SME 6.0 box with a website in the primary site "/home/e-smith/files/primary".  The CA gave me the following instructions for installing the three files I recieved:

***

Edit your httpd.conf file by adding the following line to the SSL section.

SSLCACertificateFile /your_directory_path/DigiCertSecurityServicesCA.crt

The SSLCertificateKeyFile should point to the key file generated when you created your CSR.

This should make your config file look something like this (directories may vary on your server):

SSLEngine on
SSLCertificateFile /etc/ssl/crt/your_domain_name.crt
SSLCertificateKeyFile /etc/ssl/crt/your_private.key
SSLCACertificateFile /etc/httpd/conf/DigiCertSecurityServicesCA.crt

Save your config file, and restart Apache.

***

I think that I will need to add or modify template fragments to accomplish these updates to the Apache httpd.conf file.  I tried to figure it out and realized I needed some help.  If anyone would be willing to point me in the right direction it would be greatly appreciated.  Thanks!

Title: Apache Config and SSL Certificate from CA
Post by: Mumm-Ra on November 04, 2004, 01:00:58 AM

You shouldn't need to edit any apache fragment as the server is, by default, already setup to use ssl certificates.  The only difference is where the certificates are stored on the system.
On SME, your key & crt files are stored under the following directory /home/e-smith then key or crt for the relevant files.
Just run through the procedure from the CA but name your files <nameofserver>.<domainname>
For example - my server is called mail (I know it's a cr*ppy name) & the primary domain is hspencer.co.uk.
My crt & key files are named mail.hspencer.co.uk.crt & mail.hspencer.co.uk.key.  If you follow the naming convention then you don't have to edit any apache fragments.

I followed a great how-to by Greg Swallow, only I bought my certificate from freessl when they were $20 for a year.
The how-to can be found here http://forums.contribs.org/index.php?topic=24067.0

Hope it works out.

Howard

Title: Worked like a charm - Thanks!
Post by: dessex on December 06, 2004, 07:24:20 PM

I DID NOT GET BACK AROUND TO THIS UNTIL NOW.  THANK YOU FOR THE GOOD ADVICE AND POINTING ME TO THE HOWTO!  IT WORKED!!