0

I have an Apache server that is configured with SSL.

SSLCertificateFile /etc/certs/localhost.crt 
SSLCertificateKeyFile /etc/private/localhost.key

Now I need to replace the certificate with a new one (provided by our department). For that I shared the CSR and they sent back the certificate.

The file that they shared is a *.p7b (it contains the certificate in PEM/base64 encoded format; it is a .p7b file with the DER encoded certificate and the issuing CA certificate).

But in the Apache ssl.conf I need to provide the .crt file. How do I get the .crt files from the .p7b?

Andromeda

1 Answer

1

Install openssl on Red Hat Linux server / CentOS 7

  1. First we need to install httpd on our server. To install httpd, type the command below: yum install httpd

  2. After installing httpd, we need to install mod_ssl: yum install mod_ssl

  3. Now we have to install openssl on the server as well: yum install openssl

  4. After installing httpd, mod_ssl and openssl, we need to generate a key using the command below: openssl genrsa -out ca.key 2048

  5. openssl req -new -key ca.key -out ca.csr (You can skip steps by pressing enter)

  6. openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

  7. cp ca.crt /etc/pki/tls/certs

  8. cp ca.key /etc/pki/tls/private/

  9. cp ca.csr /etc/pki/tls/private

  10. vim /etc/httpd/conf.d/ssl.conf

    SSLCertificateFile /etc/pki/tls/certs/localhost.crt

Replace by

SSLCertificateFile /etc/pki/tls/certs/ca.crt

and

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Replace by

SSLCertificateKeyFile /etc/pki/tls/private/ca.key


  11. httpd -t (check whether the above changes are correct or not)

  12. vim /etc/httpd/conf/httpd.conf

Go to the bottom of the file and write

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    ServerName localhost
    DocumentRoot /var/www/html
</VirtualHost>
Save & Exit

  13. httpd -t (check whether the above changes are correct or not)

  14. firewall-cmd --permanent --add-service=https

  15. firewall-cmd --permanent --add-port=443/tcp

  16. firewall-cmd --reload

  17. service httpd restart
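
For the conversion the question asks about (.p7b to .crt), the following is an added example and not part of the original answer. It extracts the certificates from a PEM or DER .p7b with openssl and separates the server certificate from the CA certificates by matching it against the existing private key. The function names and all file names are assumptions, and it assumes an unencrypted RSA key.

```bash
#!/usr/bin/env bash
# Added example; function and file names are placeholders, not from the post.

# p7b_to_pem <bundle.p7b> <out.pem>
# Write every certificate in a PKCS#7 bundle to <out.pem> as PEM blocks.
p7b_to_pem() {
    local src="$1" out="$2" form=DER
    # A PEM-encoded .p7b carries a BEGIN PKCS7 header; otherwise treat it as DER.
    if grep -q -e '-----BEGIN PKCS7-----' "$src"; then form=PEM; fi
    # -print_certs also emits subject=/issuer= lines; keep only the PEM blocks.
    openssl pkcs7 -inform "$form" -in "$src" -print_certs 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$out"
    [ -s "$out" ]   # fail when nothing could be extracted
}

# split_for_apache <bundle.pem> <server.key> <server.crt> <chain.crt>
# The certificate whose public key matches <server.key> goes to <server.crt>;
# every other certificate (the issuing CA certificates) goes to <chain.crt>.
split_for_apache() {
    local bundle="$1" key="$2" leaf="$3" chain="$4" tmp key_pub f
    tmp=$(mktemp -d) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || { rm -rf "$tmp"; return 1; }
    # One temporary file per certificate: cert.1, cert.2, ...
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++} n {print > (d "/cert." n)}' "$bundle"
    : > "$leaf"; : > "$chain"
    for f in "$tmp"/cert.*; do
        [ -e "$f" ] || continue
        if [ "$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null)" = "$key_pub" ]; then
            cat "$f" > "$leaf"
        else
            cat "$f" >> "$chain"
        fi
    done
    rm -rf "$tmp"
    [ -s "$leaf" ]   # fail if no certificate in the bundle belongs to this key
}

# Typical use (paths are placeholders):
#   p7b_to_pem new-cert.p7b bundle.pem &&
#   split_for_apache bundle.pem /etc/private/localhost.key server.crt chain.crt
```

Point SSLCertificateFile at the resulting server certificate. On httpd 2.4.8 and later the CA certificates can be appended to that same file; older builds take them through SSLCertificateChainFile.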