...
Code Block | ||
---|---|---|
| ||
mv sub.class1.server.ca.pem StartCom_Class_1_Primary_Intermediate_Server_CA.crt |
I am reconsidering keeping the certificate files with the Apache rather than the central Ubuntu location. For now, use this location,
Code Block |
---|
sudo mv StartCom_Class_1_Primary_Intermediate_Server_CA.crt /etc/ssl/certs/ |
Concatenating Chain Certficates
...
In other words, you only need CA certificates on Web Servers if you intent intend to have the Browsers authenticate and identify themselves.
...
Note |
---|
The above chown root:root command ensure the signed public key is protected. Also, if you are using a user other than root to start Apache, then adjust the file ownership to that user. |
Storing Chain Certificates
Chain certificates can be stored in the same location as the public certificates,
Code Block | ||
---|---|---|
| ||
sudo cp StartCom_Class_1_Primary_Intermediate_Server_CA.crt /etc/ssl/certs/
sudo chown root:root /etc/ssl/certs/StartCom_Class_1_Primary_Intermediate_Server_CA.crt |
You may notice that Ubuntu itself might already have a matching chain certificate under a different file name. This chain certificate can be used instead and it may be automatically updated by the Ubuntu Operating System (however, I have not found any documentation about how this actually works).
Storing Private Keys
Ubuntu has a pre-configured location for private keys, /etc/ssl/private.
...