- 02-12-2013 #1 Just Joined!
Installing SSL Certificate
Hello all,
I'm trying to install an SSL certificate on our website (Centos 6.3). I thought this would be relatively simple, but my limited knowledge of Linux has foiled me again.
As of now, if I try to go to the https link, it says it can't establish a connection in Firefox. If I try to restart Apache I get
Syntax error on line 1039 of /etc/httpd/conf/httpd.conf:
SSLCertificateKeyFile: file '/etc/ssl/certs/mykey.key' does not exist or is empty
It's entirely possible I messed something up in moving the key or the creation or any step along the way. Any help or suggestions would be greatly appreciated.
Thank you!
- 02-12-2013 #2 Linux Enthusiast
Here is everything you need to know:
HowTos/Https - CentOS Wiki
Follow that guide, and if you have any questions, post them here!
- 02-12-2013 #3 Just Joined!
Thanks! So if I have files generated by our domain provider I guess I can skip the first part of step 2? Is there anything special I would need to do to the files permission-wise or anything?
Edit:
I guess where I've been getting confused is the faq for register.com (where I purchased the ssl certificate) is a bit confusing since you have to copy and paste things together to get the certificate. I'd appreciate a second set of eyes from anyone who can spare a minute to compare the two guides and see what I might be missing.
Double Edit:
I forgot the link, but apparently I'm not allowed to post it yet.
help.register.com/app/answers/detail/a_id/2990
Last edited by riderryuken; 02-12-2013 at 07:00 PM.
- 02-12-2013 #4 Linux Enthusiast
I say generate those self-signed certs, and annotate owner, permissions, and SELinux context of each file, then replace the files with your cert and key and copy the permissions and ownership.
ls -lZ
If the SELinux context is different, you can run the restorecon * command to reapply the appropriate SELinux contexts to the file.
- 02-12-2013 #5 Just Joined!
Alright, I got it to at least show the self-signed key. For step 3 and setting up the virtual hosts, is it in ssl.conf or in httpd.conf?
- 02-12-2013 #6 Linux Enthusiast
Best practice is to put the virtual hosts settings in a .conf file in /etc/httpd/conf.d/
Something like sub.domain.com.conf is generally a good file name. If this is a production site, it will be greatly easier to manage in the future.
TipsAndTricks/ApacheVhostDir - CentOS Wiki
- 02-13-2013 #7 Just Joined!
Alright I tried copying the files over top of the ones that existed for the self signed. Now when I try https or http I can't connect to the site at all.
- 02-13-2013 #8 Linux Enthusiast
Did you remember to check SELinux contexts and file permissions as I had indicated?
Did you restart apache after you copied over the new certificates?
- 02-13-2013 #9 Just Joined!
Restart yes. SELinux contexts no. I have to research those. Permissions as long as that's just checking they are the same with ls -la then yes.
Edit:
Seems to be with the key because when I change only it back then the site works again and https tells me it's untrusted. I guess a question for once I get this working, but I'm assuming I want the site to always be https so it's secured correct? How do I go about that and it should cover the whole site or does it depend on location?
- 02-13-2013 #10 Linux Enthusiast
Is SELinux in enforcing mode?
command to check: getenforce
How to check SELinux contexts: ls -Z
You should be able to set the contexts correctly (if they are wrong) with
restorecon -RvF /etc/pki
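
The checks discussed in this thread, collected into one script as an added example (not code from any poster or from the CentOS wiki): it compares the replacement key's owner, mode and SELinux context against the known-good self-signed file. The key-to-certificate match goes beyond what the thread covers and assumes the openssl CLI is installed; all function names are made up for this example.

```bash
#!/bin/bash
# Added example: checks to run on a replacement TLS key before restarting Apache.
# REF is the known-good (self-signed) file, NEW the file meant to replace it;
# all file names are supplied by the caller.

# file_attrs FILE: print "owner:group mode selinux-context" on one line.
file_attrs() {
    local ctx
    # stat fails for %C where SELinux labels are unavailable; record '?' then.
    ctx=$(stat -c '%C' "$1" 2>/dev/null) || ctx='?'
    printf '%s %s %s\n' "$(stat -c '%U:%G' "$1")" "$(stat -c '%a' "$1")" "$ctx"
}

# check_replacement REF NEW: returns 1 if NEW is missing or empty (the condition
# behind Apache's "does not exist or is empty" error), 2 if its owner, mode or
# SELinux context differs from REF, 0 otherwise.
check_replacement() {
    local ref="$1" new="$2" want got
    if [ ! -s "$new" ]; then
        echo "FAIL: $new does not exist or is empty"; return 1
    fi
    want=$(file_attrs "$ref"); got=$(file_attrs "$new")
    if [ "$want" != "$got" ]; then
        echo "FAIL: $new is [$got] but $ref is [$want]"; return 2
    fi
    echo "OK: $new matches $ref [$got]"
}

# key_matches_cert CERT KEY: succeeds only if KEY is the private key for CERT,
# by comparing the public key in CERT with the one derived from KEY.
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 3
    from_key=$(openssl pkey -in "$2" -pubout) || return 3
    [ "$from_cert" = "$from_key" ]
}

# Usage: this-script REF_KEY NEW_KEY [NEW_CERT]
if [ "$#" -ge 2 ]; then
    command -v getenforce >/dev/null && echo "SELinux mode: $(getenforce)"
    check_replacement "$1" "$2" || exit $?
    if [ -n "$3" ]; then
        key_matches_cert "$3" "$2" || { echo "FAIL: $2 is not the key for $3"; exit 3; }
    fi
fi
```

Run it as root against the self-signed key and the new key before restarting httpd; a context mismatch is what restorecon then repairs.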


