Certs-Apache
Jump To: Support > KB > NetManager > Certs > Apache
Configuration and installation of SSL certificates for Apache (webserver)
This documentation has been superseded due to new features added to NetManager. The new procedure is documented here
Requesting a certificate
Visit http://netmanager:880/private/security/certs/ in webadmin and fill in all the required fields. Ensure your Organisation name matches that in the domain to be secured.
Go to a command line and type enablehttps
netmanager 1# enablehttps The EXACT name of the server to be secured :remote.myschool.lea.sch.uk Organisation : My School Domain : remote.myschool.lea.sch.uk Admin email : administrator@myschool.lea.sch.uk Town/City : Cambridge County : Cambridgeshire Country : GB Are these values correct? (y/n) [n]:y Generating RSA private key, 1024 bit long modulus ....................................................................... .....................................................++++++ ..................................................................++++++ e is 65537 (0x10001) Signature ok subject=/C=GB/ST=Cambridgeshire/L=Cambridge/O=My School/CN=re mote.myschool.lea.sch.uk/emailAddress=administrator@myschool.lea.sch.uk Getting Private key Enable https and restart web-server? [y]: netmanager 2#
The CSR can be found in /etc/netmanager/certs/httpd/secure.csr:
netmanager 2# cat /etc/netmanager/certs/httpd/secure.csr -----BEGIN CERTIFICATE REQUEST----- MIIB7TCCAVYCAQAwgawxCzAJBgNVBAYTAkdCMRcwFQYDVQQIEw5DYW1icmlkZ2Vz aGlyZTESMBAGA1UEBxMJQ2FtYnJpZGdlMSUwIwYDVQQKExxQcmVjZWRlbmNlIFRl Y2hub2xvZ2llcyBMdGQuMSMwIQYDVQQDExpyZW1vdGUubXlzY2hvb2wubGVhLnNj aC51azEkMCIGCSqGSIb3DQEJARYVdHVhbkBwcmVjZWRlbmNlLmNvLnVrMIGfMA0G CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDBBUf+uKmbZ43KxobOpxmoJxXmDvRXW9+ dQq7J0k5THQ/2OanVGWoSFNJVhJwFaGQCnl7qI9P3V1Vihk/Eskl3WrPBTm4Tf6p 0+pJGpZstvGESTqxD1KQyqZStTqkUzvxRKN7rwiXK6YkP+7fccjW2AOKSK/lCAvY S7EgQj3YtQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAqh+RWzVtqNYhx64OVi7/ 2sbs1j8tCQSDmTLVQ/Mf+QpuvhcTriizG2S2GhfkrPizpiSDP1Rn2TaWc+Rm83eY 4DQ/QvqDXQ1jYPNljmrSFgIQs73Ex1W8Zz2EVyA3JxuGFYrRz+O21L7ghi0pYjl2 tmU5gr9iZQKGJz6r7Lxmxfc= -----END CERTIFICATE REQUEST----- netmanager 3#
Installation of the certificate once approved
The certificate should be copied to /etc/netmanager/certs/httpd/secure.crt. Probably the best way of doing this is to use an ssh client such as PuTTY:
- Launch PuTTY (or other ssh client)
- Log in as ncadmin
- Type
su -to switch to user root - Enter root password
- Press return at Console Menu to get to command line
- Type
cd /etc/netmanager/certs/httpd - Type
cat > secure.crt - Copy the text of the cert to the clipboard and paste into the PuTTY window by right-clicking (or whatever is appropriate for your ssh client, e.g. Apple-V for MacOS Terminal.app).
- Type Ctrl-D
- Download the Thawte CA bundle. This can probably be done using ftp on the NetManager directly:
netmanager 3# wget --no-check-certificate https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL123_CA_Bundle.pem --2010-12-01 10:18:28-- https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL123_CA_Bundle.pem Resolving search.thawte.com (search.thawte.com)... 69.58.180.52 Connecting to search.thawte.com (search.thawte.com)|69.58.180.52|:443... connected. WARNING: cannot verify search.thawte.com's certificate, issued by `/C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA': Unable to locally verify the issuer's authority. HTTP request sent, awaiting response... 200 OK Length: 3234 (3.2K) [text/plain] Saving to: `SSL123_CA_Bundle.pem' 100%[======================================>] 3,234 --.-K/s in 0.004s 2010-12-01 10:18:29 (712 KB/s) - `SSL123_CA_Bundle.pem' saved [3234/3234]
- Alternatively, please download the bundle manually and use the copy and paste method (i.e.
cat > SSL123_CA_Bundle.pem) to install it - Run
/usr/libexec/build/apacheto switch to the newly installed certificate