Enabling Apache SSL via Microsoft Certificate Server

By | July 1, 2009

The paths in this example are based on FreeBSD 7.2. The sequence of commands below has extra blank lines inserted: each command that precedes a blank line asks for the key file password, either once or twice. Replace URL with your server’s internet name (e.g. www.nosam.com) wherever it appears below; naming the files this way lets you support several virtual server certificates:

cd /usr/local/etc/apache22
openssl genrsa -des3 -out URL.key 1024

openssl rsa -in URL.key -out URL.pem

openssl req -new -key URL.key -out URL.csr

Get a “Web Server” certificate from Microsoft Certificate Server:

  1. Use the contents of the URL.csr file as the request.
  2. Download just the certificate (not the certificate chain) in “Base 64 encoded” format.
  3. Save it as URL.crt in the /usr/local/etc/apache22 directory.

chmod 0400 /usr/local/etc/apache22/URL.pem
chmod 0400 /usr/local/etc/apache22/URL.key
chmod 0400 /usr/local/etc/apache22/URL.crt
chmod 0400 /usr/local/etc/apache22/URL.csr

Next, edit the httpd.conf file in /usr/local/etc/apache22 and uncomment the “Include” line:

# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf

Finally, edit the httpd-ssl.conf in /usr/local/etc/apache22/extra:

SSLCertificateFile "/usr/local/etc/apache22/URL.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/URL.pem"

Restart Apache via the “apachectl restart” command.
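Before running the restart above, it is worth confirming that the files fit together. The following is an added example, not part of the original post: it checks that URL.crt was issued for the key in URL.pem, that URL.pem is the passphrase-free copy and is closed to group and other, and it warns when the key is shorter than 2048 bits. The function names and the DIR/NAME arguments are assumptions; NAME is whatever you substituted for URL.

```shell
#!/bin/sh
# Added example (not from the original post): pre-restart checks for the
# files the procedure creates. DIR and NAME are supplied by the caller;
# NAME is the value substituted for URL in the file names.
# Usage: check_tls_files /usr/local/etc/apache22 www.nosam.com

# Print the public key (PEM) embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Print the public key (PEM) derived from an unencrypted private key.
key_pubkey() { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null; }

# Print the key size in bits recorded in a certificate.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeed only if group and other have no access to the file.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_tls_files DIR NAME: return 0 if Apache can use the pair, else 1.
check_tls_files() {
    dir=$1 name=$2 rc=0
    crt="$dir/$name.crt" pem="$dir/$name.pem"
    for f in "$crt" "$pem"; do
        [ -r "$f" ] || { echo "FAIL: missing or unreadable: $f"; return 1; }
    done
    # URL.pem must be the passphrase-free copy, or Apache asks for the
    # passphrase at startup.
    if grep -q ENCRYPTED "$pem"; then
        echo "FAIL: $pem is passphrase-protected"; rc=1
    elif [ "$(cert_pubkey "$crt")" != "$(key_pubkey "$pem")" ]; then
        echo "FAIL: $crt was not issued for the key in $pem"; rc=1
    fi
    owner_only "$pem" || { echo "FAIL: $pem is open to group/other"; rc=1; }
    # Short keys are reported but do not fail the check.
    bits=$(cert_bits "$crt")
    [ "${bits:-0}" -ge 2048 ] || echo "WARN: ${bits:-unknown}-bit key in $crt"
    return $rc
}
```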
