Educational ICT Virtualisation Specialist

Twitter LinkedIn E-mail
Precedence Technologies Ltd
Technology House, 36a Union Lane
Cambridge, CB4 1QB, United Kingdom
T: +44 (0)8456 446 800 / +44 (0)1223 359900
F: +44 (0)8456 446 899 / +44 (0)1223 359459
E: enquiries@precedence.co.uk
Certs-Apache

Jump To: Support > KB > NetManager > Certs > Apache

Configuration and installation of SSL certificates for Apache (webserver)

This documentation has been superceded due to new features added to NetManager. The new procedure is documented here

Requesting a certificate

Visit http://netmanager:880/private/security/certs/ in webadmin and fill in all the required fields. Ensure your Organisation name matches that in the domain to be secured.

Go to a command line and type enablehttps

netmanager 1# enablehttps 
The EXACT name of the server to be secured :remote.myschool.lea.sch.uk
Organisation : My School
Domain       : remote.myschool.lea.sch.uk
Admin email  : administrator@myschool.lea.sch.uk
Town/City    : Cambridge
County       : Cambridgeshire
Country      : GB

Are these values correct? (y/n) [n]:y
Generating RSA private key, 1024 bit long modulus
.......................................................................
.....................................................++++++
..................................................................++++++
e is 65537 (0x10001)
Signature ok
subject=/C=GB/ST=Cambridgeshire/L=Cambridge/O=My School/CN=re
mote.myschool.lea.sch.uk/emailAddress=administrator@myschool.lea.sch.uk
Getting Private key

Enable https and restart web-server? [y]:
netmanager 2#

The CSR can be found in /etc/netmanager/certs/httpd/secure.csr:

netmanager 2# cat /etc/netmanager/certs/httpd/secure.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIIB7TCCAVYCAQAwgawxCzAJBgNVBAYTAkdCMRcwFQYDVQQIEw5DYW1icmlkZ2Vz
aGlyZTESMBAGA1UEBxMJQ2FtYnJpZGdlMSUwIwYDVQQKExxQcmVjZWRlbmNlIFRl
Y2hub2xvZ2llcyBMdGQuMSMwIQYDVQQDExpyZW1vdGUubXlzY2hvb2wubGVhLnNj
aC51azEkMCIGCSqGSIb3DQEJARYVdHVhbkBwcmVjZWRlbmNlLmNvLnVrMIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDBBUf+uKmbZ43KxobOpxmoJxXmDvRXW9+
dQq7J0k5THQ/2OanVGWoSFNJVhJwFaGQCnl7qI9P3V1Vihk/Eskl3WrPBTm4Tf6p
0+pJGpZstvGESTqxD1KQyqZStTqkUzvxRKN7rwiXK6YkP+7fccjW2AOKSK/lCAvY
S7EgQj3YtQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAqh+RWzVtqNYhx64OVi7/
2sbs1j8tCQSDmTLVQ/Mf+QpuvhcTriizG2S2GhfkrPizpiSDP1Rn2TaWc+Rm83eY
4DQ/QvqDXQ1jYPNljmrSFgIQs73Ex1W8Zz2EVyA3JxuGFYrRz+O21L7ghi0pYjl2
tmU5gr9iZQKGJz6r7Lxmxfc=
-----END CERTIFICATE REQUEST-----
netmanager 3#

Installation of the certificate once approved

The certificate should be copied to /etc/netmanager/certs/httpd/secure.crt. Probably the best way of doing this is to use an ssh client such as PuTTY:

  • Launch PuTTY (or other ssh client)
  • Log in as ncadmin
  • Type su - to switch to user root
  • Enter root password
  • Press return at Console Menu to get to command line
  • Type cd /etc/netmanager/certs/httpd
  • Type cat > secure.crt
  • Copy the text of the cert to the clipboard and paste into the PuTTY window by right-clicking (or whatever is appropriate for your ssh client, e.g. Apple-V for MacOS Terminal.app).
  • Type Ctrl-D
  • Download the Thawte CA bundle. This can probably be done using ftp on the NetManager directly:
netmanager 3# wget --no-check-certificate https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL123_CA_Bundle.pem
--2010-12-01 10:18:28--  https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL123_CA_Bundle.pem
Resolving search.thawte.com (search.thawte.com)... 69.58.180.52
Connecting to search.thawte.com (search.thawte.com)|69.58.180.52|:443... connected.
WARNING: cannot verify search.thawte.com's certificate, issued by `/C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA':
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 3234 (3.2K) [text/plain]
Saving to: `SSL123_CA_Bundle.pem'

100%[======================================>] 3,234       --.-K/s   in 0.004s  

2010-12-01 10:18:29 (712 KB/s) - `SSL123_CA_Bundle.pem' saved [3234/3234]
  • Alternatively, please download the bundle manually and use the copy and paste method (i.e. cat > SSL123_CA_Bundle.pem) to install it
  • Run /usr/libexec/build/apache to switch to the newly installed certificate
© Copyright Precedence Technologies 1999-2017
Page last modified on February 18, 2014, at 12:28 PM by sborrill