RHEL6 httpd Root CA configuration

Question

I'm setting up SSL on a RHEL6 box and I'm having problems finding information about configuring the Root CAs.

I've got four files:

• cert.crt - My SSL certificate
• my_key.key - The key used to request/generate the certificate
• CorpDomain.cer - File given to me by my company, this is an ASCII Test file
• CorpServices.cer - File given to me by my company, this is a binary file

In /etc/httpd/conf.d/ssl.conf I have the following:

SSLCertificateFile /etc/pki/tls/certs/cert.crt
SSLCertificateKeyFile /etc/pki/tls/private/my_key.key
#SSLCertificateChainFile
#SSLCACertificateFile

The email I got from my company when they issued my certificate said:

It's important that you install the related certificate chains. For the certificate you requested you need two Root CAs:

CorpDomain.cer

CorpServices.cer

If you don't know how to install the chain, you will find instructions in your platforms documentation.

Now, I think I need to concatenate CorpDomain.cer and CorpServices.cer, however CorpServices.cer is a binary file, and httpd doesn't seem to be happy with it on its own... I've looked at the documentation, and it seems to suggest I need to know a bit more about the certificates I have, however, the above email is all the information I have and the department that issued it refuse to offer help.

Answer 1

Most likely CorpDomain.cer and CorpServices.cer are binary DER encoded CA certificate files, which you can easily convert to the base 64 PEM format with:

openssl x509 -in CorpDomain.cer -inform der -outform pem -out CorpDomain.pem

Afterwards you can concatenate both PEM files to form the SSLCertificateChainfile CorpChain.pem you include in the apache configuration.

cat CorpDomain.pem CorpServices.pem > CorpChain.pem