...
Save the text file with the domain name and the .crt extension; it contains your public key signed by that CA. In this example, it will be earth.com_server.crt.
Warning |
---|
This next section needs to be expanded and moved out into a sub page. |
Store Certificates
...
In Ubuntu, the default locations for SSL certificates are,
Panel |
---|
/etc/ssl/private/ # The standard location for the private keys; only viewable by root |
Storing
...
If the CA certificates do not exist on the server, you may need to manually add the CA certificates or .
In the case of the Select CA part of this tutorial the CA certificates were found and identified in the Ubuntu Certificate Repository.
Storing Public and Private Keys
Store the public key in the public folder,
```bash
sudo chown root:root www.earth.com.crt
sudo mv www.earth.com.crt /etc/ssl/certs
```
Note |
---|
The above chown root:root command ensures the signed public key is protected. Also, if you are using a user other than root to start Apache, adjust the file ownership to that user accordingly. |
Store the private key in the protected folder,
...
Info |
---|
The ssl-cert group is a special group to make it easy for other processes to use certs. |
You may delete the csr request,
```bash
rm www.earth.com_server.csr
```
Next, Apache needs to be set up.
...
Certificate details can also be verified by clicking on the lock icon and selecting View certificates.
Info | ||
---|---|---|
On the topic of having SSL support for both https://www.earth.com and http://earth.com, when inspecting the certificate, navigate to,
Under the Certificate Subject Alt Name you will see both DNS entries,
|
Clean Up
Some CSRs may be reused to renew the signed SSL certificate. However, most CAs will, as part of their process, ask for a new CSR even if the original could be reused. To avoid confusion, it is best to delete the CSR once everything is proven to be working,
```bash
rm www.earth.com_server.csr
```
Last, it should be noted that the SSL certificate will expire. Some CAs will use the submitted contact information to send a notification by email.
Warning |
---|
This section can be improved by explaining how to check the expiry of a certificate using the browser, and by linking to an article about certificate renewal. |
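The checks this page mentions (certificate expiry, both names under Subject Alt Name, a protected private key) can also be run from the command line; the following is an added example, not part of the original tutorial. It builds a throwaway self-signed certificate for www.earth.com and earth.com as a constructed sample, and assumes OpenSSL 1.1.1 or later and GNU stat; the function names are illustrative.

```shell
#!/bin/sh
# Added example: post-install checks for a stored certificate and private key.

# True if the certificate's public key is the one derived from the private key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if the exact DNS name $2 is listed in the Subject Alt Name extension.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//;s/ *$//' | grep -Fxq "DNS:$2"
}

# True if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True if "others" have no permission bits on the key file (GNU stat).
key_hidden_from_others() {
    case "$(stat -c %a "$1")" in *0) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: throwaway self-signed cert, valid 30 days, two SAN names.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=www.earth.com" \
        -addext "subjectAltName=DNS:www.earth.com,DNS:earth.com" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    chmod 640 "$1/key.pem"
}

dir=$(mktemp -d)
make_sample_cert "$dir"
cert_matches_key "$dir/cert.pem" "$dir/key.pem" && echo "key matches certificate"
for name in www.earth.com earth.com; do
    cert_has_san "$dir/cert.pem" "$name" && echo "SAN covers $name"
done
cert_valid_for_days "$dir/cert.pem" 14 || echo "renew: expires within 14 days"
cert_valid_for_days "$dir/cert.pem" 60 || echo "renew: expires within 60 days"
key_hidden_from_others "$dir/key.pem" && echo "key not accessible to others"
openssl x509 -in "$dir/cert.pem" -noout -enddate
rm -rf "$dir"
```

To check a live installation, point the functions at the files stored under /etc/ssl/certs and /etc/ssl/private instead of the sample directory; reading the private key requires root.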
References
https://help.ubuntu.com/10.04/serverguide/C/httpd.html#https-configuration - trying this one first.
...