I need to get https enabled on a webserver (RHEL 7.9, httpd 2.4.6). We were provided a pem file, with the following format:

-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----

and a .key file

-----BEGIN PRIVATE KEY-----
//
-----END PRIVATE KEY-----

I've seen guides and tutorials online (for Tomcat) saying that we need to use the keytool command to import the certificates, such as

keytool -import -trustcacerts -alias ALIAS -file file.crt -keystore key.jks

However, I've found none that addresses when the certificate and key are in .pem and .key formats. For example, I used the following command:

keytool -import -trustcacerts -alias mysite -file mysite.pem -keystore mysite.key

and it gives an error: keytool error: java.io.IOEXception: Invalid keystore format

On the configuration side, I have the following:

<VirtualHost <ip>:443>
    SSLCertificateFile /etc/home/admin/mysite.pem
    SSLCertificateKeyFile /etc/home/admin/mysite.key
    SSLEngine on

Which gives an error when running the httpd.service:

Invalid command 'SSLCertificateFile', perhaps misspelled or defined by a module not included in the server configuration

What would be the correct steps to take when enabling HTTPS on Apache httpd 2.4.6?

demiglace
  • The error message quoted at the end indicates that you probably don't have the mod_ssl module enabled in your Apache configuration. After you enable it, `SSLCertificateFile` and other SSL-related configuration directives should be accepted. I don't understand the purpose of the whole `keytool`-related stuff you quoted; it should be enough just to put the `.pem` and `.key` files into the locations specified in your config file. – raj Feb 07 '23 at 16:46
  • `keytool` has nothing to do with Apache. It's a tool used to manage certificates in the Java ecosystem. – larsks Feb 07 '23 at 20:42
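
An added example, not part of the original question or comments: pre-flight checks for the files described above. It tests `httpd -M` output for mod_ssl and splits the three-certificate bundle into a leaf and a chain file, because the upstream Apache documentation describes loading intermediates from `SSLCertificateFile` only from 2.4.8 onward, so 2.4.6 takes them through `SSLCertificateChainFile`. It assumes the bundle is ordered leaf first; the `*.leaf.pem` and `*.chain.pem` output names are placeholders.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for a PEM bundle and key on httpd 2.4.6.

# Succeeds if the `httpd -M` listing on stdin includes mod_ssl.
has_ssl_module() {
    grep -Eq '^[[:space:]]*ssl_module[[:space:]]+\((shared|static)\)'
}

# Prints how many PEM blocks of type $2 (e.g. CERTIFICATE) file $1 holds.
count_pem_blocks() {
    grep -c -- "^-----BEGIN $2-----" "$1" || true
}

# Splits bundle $1: first certificate to $2 (leaf), the rest to $3 (chain).
# Assumption: the bundle is ordered leaf first; confirm each piece with
# `openssl x509 -noout -subject -issuer -in FILE`.
split_bundle() {
    : > "$2"; : > "$3"
    awk -v leaf="$2" -v chain="$3" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside { print > (n == 1 ? leaf : chain) }
        /^-----END CERTIFICATE-----/   { inside = 0 }
    ' "$1"
}

# Checks bundle $1 and key $2, splits a multi-certificate bundle, and prints
# the directives to use. Output names (*.leaf.pem, *.chain.pem) are placeholders.
preflight() {
    certs=$(count_pem_blocks "$1" CERTIFICATE)
    keys=$(count_pem_blocks "$2" "PRIVATE KEY")
    [ "$keys" = 1 ] || { echo "key: expected one PRIVATE KEY block"; return 1; }
    [ "${certs:-0}" -ge 1 ] || { echo "bundle: no CERTIFICATE block"; return 1; }
    if [ "$certs" -eq 1 ]; then
        echo "SSLCertificateFile $1"
    else
        split_bundle "$1" "${1%.pem}.leaf.pem" "${1%.pem}.chain.pem"
        echo "SSLCertificateFile ${1%.pem}.leaf.pem"
        echo "SSLCertificateChainFile ${1%.pem}.chain.pem"
    fi
    echo "SSLCertificateKeyFile $2"
}
```

Against a live server, run `httpd -M 2>/dev/null | has_ssl_module` and `preflight mysite.pem mysite.key`. On RHEL 7 the module ships in the separate `mod_ssl` package.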
