...

The text file should be saved with the domain name and the .crt extension; it is your public key signed by that CA. In this example, it will be earth.com_server.crt.

Warning

This next section should be expanded and moved out into a sub page.

Store Certificates

...

In Ubuntu, the default locations for SSL certificates are:

Panel

/etc/ssl/private/ # Standard location for private keys; only viewable by root
/etc/ssl/certs/ # Standard location for CA certificates, with symbolic links pointing to /usr/share/ca-certificates/

Storing

...

If the CA certificates do not exist on the server, you may need to manually add the CA certificates or .

In the case of the Select CA part of this tutorial, the CA certificates were found and identified in the Ubuntu Certificate Repository.

Storing Public and Private Keys

Store the public key in the public folder,

Code Block
languagebash
sudo chown root:root www.earth.com.crt
sudo mv www.earth.com.crt /etc/ssl/certs

Note

The above chown root:root command ensures the signed public key is protected. Also, if you are using a user other than root to start Apache, then adjust the file ownership to that user.

Store the private key into the protected folder,

...

Info

The ssl-cert group is a special group to make it easy for other processes to use certs.

You may delete the csr request,

Code Block
languagebash
rm www.earth.com_server.csr

Next, Apache needs to be set up.

...

Certificate details can also be verified by clicking on the lock icon and selecting View certificates.



Info

On the topic of having SSL support for both https://www.earth.com and http://earth.com, when inspecting the certificate, navigate to,

  1. www.earth.com
  2. Certificate
  3. Extensions
  4. Certificate Subject Alt Name

Under Certificate Subject Alt Name you will see both DNS entries,

No Format
Not Critical
DNS Name: www.earth.com
DNS Name: earth.com

Clean Up

Some CSRs may be re-used to renew the signed SSL certificate. However, most CAs will, by process, ask for a new CSR even if the original could be reused. To avoid confusion, it is best to delete the CSR once everything is proven to be working,

Code Block
languagebash
rm www.earth.com_server.csr

Last, it should be noted that the SSL certificate will expire. Some CAs will use the submitted contact information to notify you by email.
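The points this page checks by hand (the private key is protected, both DNS names appear under Subject Alt Name, and the certificate will expire) can also be checked from the shell with openssl. This is an added example, not part of the original tutorial; the function names and the constructed self-signed sample pair are assumptions, and `stat -c` assumes GNU coreutils as shipped on Ubuntu.

```bash
# Added example: post-install checks for a certificate/key pair.
# Function names and the sample files are assumptions, not from the tutorial.

# Succeeds when the private key belongs to the certificate (same public key).
key_matches_cert() {  # usage: key_matches_cert CERT KEY
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeeds when the certificate covers HOST (matched against Subject Alt Name).
cert_covers_host() {  # usage: cert_covers_host CERT HOST
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Succeeds when the certificate is still valid DAYS days from now.
cert_valid_for_days() {  # usage: cert_valid_for_days CERT DAYS
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds when the key file grants no permissions to "other" users.
key_not_world_accessible() {  # usage: key_not_world_accessible KEY
  case "$(stat -c '%a' "$1")" in *0) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: self-signed pair for the tutorial's two names, valid 30 days.
make_sample_pair() {  # usage: make_sample_pair DIR
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=www.earth.com" \
    -addext "subjectAltName=DNS:www.earth.com,DNS:earth.com" \
    -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null
  chmod 640 "$1/sample.key"  # owner and group only, as with an ssl-cert style group
}

dir=$(mktemp -d)
make_sample_pair "$dir"
for host in www.earth.com earth.com mail.earth.com; do
  if cert_covers_host "$dir/sample.crt" "$host"; then echo "$host: covered"
  else echo "$host: NOT covered"; fi
done
key_matches_cert "$dir/sample.crt" "$dir/sample.key" && echo "key matches certificate"
cert_valid_for_days "$dir/sample.crt" 60 || echo "expires within 60 days: plan renewal"
key_not_world_accessible "$dir/sample.key" && echo "key is not world-accessible"
rm -rf "$dir"
```

To use the functions on a real installation, pass the certificate and key paths in place of the sample files; reading the key under /etc/ssl/private requires root.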

Warning

This section can be improved by explaining how to check the expiry of a certificate using the browser, and by linking to an article about certificate renewal.

References

https://help.ubuntu.com/10.04/serverguide/C/httpd.html#https-configuration - trying this one first.

...