  1. #1
    Just Joined!
    Join Date
    May 2011
    Posts
    18

    Installing SSL Certificate


    Hello all,

    I'm trying to install an SSL certificate on our website (CentOS 6.3). I thought this would be relatively simple, but my limited knowledge of Linux has foiled me again.

    As of now, if I try to go to the https link it says it can't establish a connection in Firefox. If I try to restart Apache I get:

    Syntax error on line 1039 of /etc/httpd/conf/httpd.conf:
    SSLCertificateKeyFile: file '/etc/ssl/certs/mykey.key' does not exist or is empty

    It's entirely possible I messed something up in moving the key or the creation or any step along the way. Any help or suggestions would be greatly appreciated.

    Thank you!

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    910
    Here is everything you need to know:
    HowTos/Https - CentOS Wiki

    Follow that guide, and if you have any questions, post them here!

  3. #3
    Just Joined!
    Join Date
    May 2011
    Posts
    18
    Thanks! So if I have files generated by our domain provider I guess I can skip the first part of step 2? Is there anything special I would need to do to the files permission-wise or anything?

    Edit:
    I guess where I've been getting confused is the faq for register.com (where I purchased the ssl certificate) is a bit confusing since you have to copy and paste things together to get the certificate. I'd appreciate a second set of eyes from anyone who can spare a minute to compare the two guides and see what I might be missing.

    Double Edit:
    I forgot the link, but apparently I'm not allowed to post it yet.
    help.register.com/app/answers/detail/a_id/2990
    Last edited by riderryuken; 02-12-2013 at 07:00 PM.

  5. #4
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    910
    I say generate those self-signed certs, and annotate owner, permissions, and SELinux context of each file, then replace the files with your cert and key and copy the permissions and ownership.

    ls -lZ

    If the SELinux context is different, you can run the restorecon * command to reapply the appropriate SELinux contexts to the file.

  6. #5
    Just Joined!
    Join Date
    May 2011
    Posts
    18
    Alright I got it to at least show the self signed key. For step 3 and setting up the virtual hosts is it in ssl.conf or in httpd.conf ?

  7. #6
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    910
    Best practice is to put the virtual hosts settings in a .conf file in /etc/httpd/conf.d/

    Something like sub.domain.com.conf is generally a good file name. If this is a production site, it will be greatly easier to manage in the future.

    TipsAndTricks/ApacheVhostDir - CentOS Wiki

  8. #7
    Just Joined!
    Join Date
    May 2011
    Posts
    18
    Alright I tried copying the files over top of the ones that existed for the self signed. Now when I try https or http I can't connect to the site at all.

  9. #8
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    910
    Did you remember to check SELinux contexts and file permissions as I had indicated?
    Did you restart apache after you copied over the new certificates?

  10. #9
    Just Joined!
    Join Date
    May 2011
    Posts
    18
    Restart yes. SELinux contexts no. I have to research those. Permissions as long as that's just checking they are the same with ls -la then yes.

    Edit:
    Seems to be with the key because when I change only it back then the site works again and https tells me it's untrusted. I guess a question for once I get this working, but I'm assuming I want the site to always be https so it's secured correct? How do I go about that and it should cover the whole site or does it depend on location?

  11. #10
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    910
    Is SELinux in enforcing mode?
    command to check: getenforce
    How to check SELinux contexts: ls -Z
    You should be able to set the contexts correctly (if they are wrong) with
    restorecon -RvF /etc/pki
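
Added example, not part of any post in this thread: a shell pre-flight check for the two files Apache is pointed at, covering the failure modes discussed above (missing or empty key file, a certificate pasted together incompletely, key permissions, a key that does not belong to the certificate). The function names and the 0600 expectation are assumptions made for this example; the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for the files named
# by SSLCertificateFile and SSLCertificateKeyFile before restarting httpd.

# Pass only if the file exists, is non-empty, and has PEM BEGIN and END lines
# whose label matches the extended regex in $2 (catches truncated pastes).
pem_ok() {
    [ -s "$1" ] || { echo "FAIL $1: does not exist or is empty"; return 1; }
    grep -Eq -- "^-----BEGIN ($2)-----" "$1" &&
        grep -Eq -- "^-----END ($2)-----" "$1" ||
        { echo "FAIL $1: incomplete PEM block, expected $2"; return 1; }
}

# Pass only if group and other have no permission bits on the private key.
# Assumption: 0600 or stricter is wanted; the thread only says to copy the
# mode of the generated self-signed key.
key_mode_ok() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL $1: group/other permission bits are '$perms'"; return 1; }
}

# Pass only if certificate and key contain the same public key.
pair_ok() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL $1: openssl cannot parse certificate"; return 1; }
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ||
        { echo "FAIL $2: openssl cannot parse private key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $2 is not the key for $1"; return 1; }
}

# Run every check, then list owner, mode and SELinux context for comparison
# with the working self-signed files.
check_tls_files() {
    rc=0
    pem_ok "$1" 'CERTIFICATE' || rc=1
    pem_ok "$2" '(RSA |EC |ENCRYPTED )?PRIVATE KEY' || rc=1
    key_mode_ok "$2" || rc=1
    pair_ok "$1" "$2" || rc=1
    ls -lZ "$1" "$2" 2>/dev/null
    return "$rc"
}

# Usage: sh check_tls_files.sh /path/to/cert.crt /path/to/key.key
if [ "$#" -eq 2 ]; then
    check_tls_files "$1" "$2"
fi
```

A passphrase-protected key makes `openssl pkey` prompt for the passphrase. The SELinux context printed by `ls -lZ` is only listed, not judged; compare it by eye with the self-signed files as described in post #4.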
