Jump To: Support > KB > NetManager > Certs > Apache

Configuration and installation of SSL certificates for Apache (webserver)

Please note - the Precedence support team will normally do all this for you. It is documented here for completeness

Requesting a certificate

Visit http://netmanager:880/private/security/certs/ in webadmin and fill in all the required fields. Ensure your Organisation name matches that in the domain to be secured.

Go to a command line and type enablehttps

netmanager 1# enablehttps 
The EXACT name of the server to be secured :remote.myschool.lea.sch.uk
Organisation : My School
Domain       : remote.myschool.lea.sch.uk
Admin email  : administrator@myschool.lea.sch.uk
Town/City    : Cambridge
County       : Cambridgeshire
Country      : GB

Are these values correct? (y/n) [n]:y
Generating RSA private key, 1024 bit long modulus
.......................................................................
.....................................................++++++
..................................................................++++++
e is 65537 (0x10001)
Signature ok
subject=/C=GB/ST=Cambridgeshire/L=Cambridge/O=My School/CN=re
mote.myschool.lea.sch.uk/emailAddress=administrator@myschool.lea.sch.uk
Getting Private key

Enable https and restart web-server? [y]:
netmanager 2#

The CSR can be found in /etc/netmanager/certs/httpd/secure.csr:

netmanager 2# cat /etc/netmanager/certs/httpd/secure.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIIB7TCCAVYCAQAwgawxCzAJBgNVBAYTAkdCMRcwFQYDVQQIEw5DYW1icmlkZ2Vz
aGlyZTESMBAGA1UEBxMJQ2FtYnJpZGdlMSUwIwYDVQQKExxQcmVjZWRlbmNlIFRl
Y2hub2xvZ2llcyBMdGQuMSMwIQYDVQQDExpyZW1vdGUubXlzY2hvb2wubGVhLnNj
aC51azEkMCIGCSqGSIb3DQEJARYVdHVhbkBwcmVjZWRlbmNlLmNvLnVrMIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDBBUf+uKmbZ43KxobOpxmoJxXmDvRXW9+
dQq7J0k5THQ/2OanVGWoSFNJVhJwFaGQCnl7qI9P3V1Vihk/Eskl3WrPBTm4Tf6p
0+pJGpZstvGESTqxD1KQyqZStTqkUzvxRKN7rwiXK6YkP+7fccjW2AOKSK/lCAvY
S7EgQj3YtQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAqh+RWzVtqNYhx64OVi7/
2sbs1j8tCQSDmTLVQ/Mf+QpuvhcTriizG2S2GhfkrPizpiSDP1Rn2TaWc+Rm83eY
4DQ/QvqDXQ1jYPNljmrSFgIQs73Ex1W8Zz2EVyA3JxuGFYrRz+O21L7ghi0pYjl2
tmU5gr9iZQKGJz6r7Lxmxfc=
-----END CERTIFICATE REQUEST-----
netmanager 3#

Installation of the certificate once approved

The certificate should be copied to /etc/netmanager/certs/httpd/secure.crt. Probably the best way of doing this is to use an ssh client such as PuTTY:

• Launch PuTTY (or other ssh client)
• Log in as ncadmin
• Type su - to switch to user root
• Enter root password
• Press return at Console Menu to get to command line
• Type cd /etc/netmanager/certs/httpd
• Type cat > secure.crt
• Copy the text of the cert to the clipboard and paste into the PuTTY window by right-clicking (or whatever is appropriate for your ssh client, e.g. Apple-V for MacOS Terminal.app).
• Type Ctrl-D
• Download the Thawte CA bundle. This can probably be done using ftp on the NetManager directly:

netmanager 3# wget --no-check-certificate https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL123_CA_Bundle.pem
--2010-12-01 10:18:28--  https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL123_CA_Bundle.pem
Resolving search.thawte.com (search.thawte.com)... 69.58.180.52
Connecting to search.thawte.com (search.thawte.com)|69.58.180.52|:443... connected.
WARNING: cannot verify search.thawte.com's certificate, issued by `/C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA':
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 3234 (3.2K) [text/plain]
Saving to: `SSL123_CA_Bundle.pem'

100%[======================================>] 3,234       --.-K/s   in 0.004s  

2010-12-01 10:18:29 (712 KB/s) - `SSL123_CA_Bundle.pem' saved [3234/3234]

• Alternatively, please download the bundle manually and use the copy and paste method (i.e. cat > SSL123_CA_Bundle.pem) to install it
• Run /usr/libexec/build/apache to switch to the newly installed certificate