Enabling Apache SSL via Microsoft Certificate Server
The paths for this example are based on FreeBSD 7.2. You’ll notice extra lines inserted into the sequence of commands below. You’ll need to enter the key file password either once or twice for each command preceding an extra line. Also, replace URL with your server’s internet name (e.g. www.nosam.com) wherever it is used below since this will allow you to support several virtual server certificates:
cd /usr/local/etc/apache22
openssl genrsa -des3 -out URL.key 1024
openssl rsa -in URL.key -out URL.pem
openssl req -new -key URL.key -out URL.csr
Get a “Web Server” certificate from Microsoft Certificate Server.
- Using the URL.csr file contents.
- Download just the certificate (not the certificate chain) in “Base 64 encoded” format.
- Save with the filename URL.crt file into the /usr/local/etc/apache22 directory
chmod 0400 /usr/local/etc/apache22/URL.pem
chmod 0400 /usr/local/etc/apache22/URL.key
chmod 0400 /usr/local/etc/apache22/URL.crt
chmod 0400 /usr/local/etc/apache22/URL.csr
Next, edit the httpd.conf file in /usr/local/etc/apache22 and uncomment the “Include” line:
# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf
Finally, edit the httpd-ssl.conf in /usr/local/etc/apache22/extra:
SSLCertificateFile “/usr/local/etc/apache22/URL.crt”
SSLCertificateKeyFile “/usr/local/etc/apache22/URL.pem”
Restart Apache via the “apachectl restart” command.
Recent Comments