You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Giltime9 <Ch...@yahoo.com> on 2012/02/24 08:48:23 UTC
[users@httpd] Help with ssl configuration in apache
So I got the trust of chain certificate from verisign, import into keystore
using keytool. How do I configure apache for ssl?
--
View this message in context: http://old.nabble.com/Help-with-ssl-configuration-in-apache-tp33383337p33383337.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Help with ssl configuration in apache
Posted by Mark Montague <ma...@catseye.org>.
On February 24, 2012 10:23 , Giltime9 <Ch...@yahoo.com> wrote:
> But again it is the trust of chain That I have. Do I consider it is just the
> certificate? Also do I need to import it into keystore? Also is the
> keystore I generate considered athe private key?
Apache HTTP Server does not use a keystore. Also, a keystore is not the
same as a private key. A keystore contains the private key, the
certificate, and the chain of trust all in a single binary file.
Keystores, as created by the keytool program, are normally used by Java
programs. But, again, Apache will not use a keystore (Apache is written
in C), so stop trying to create one.
Use the SSLCertificateKeyFile directive to point Apache at the
PEM-encoded key file that you generated before you created the
Certificate Signing Request that you sent to Verisign. If you never had
a PEM-encoded key file, then export the private key from the keystore
into a PEM-encoded key file.
Verisign will have sent you the certificate in PEM-encoded format. Use
the SSLCertificate file directive to point Apache to this file.
Finally, Versign will have either sent you or provided you a link to a
file containing all of the intermediate and root CA certificates that
were used to sign your certificate. Each certificate in this file will
be in PEM-encoded format. This is the "chain of trust". Use the
SSLCertificateChainFile directive to point Apache at this file. (There
are other ways to handle the chain of trust, but I'm keeping things
simple for the purposes of this discussion).
I hope this helps.
--
Mark Montague
mark@catseye.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Help with ssl configuration in apache
Posted by Giltime9 <Ch...@yahoo.com>.
But again it is the trust of chain That I have. Do I consider it is just the
certificate? Also do I need to import it into keystore? Also is the
keystore I generate considered athe private key?
Anirudha Patil wrote:
>
> Hi,
>
> Verisign Cerificate Authority has the set of instruction, how to install
> the ceriticate
>
> Please refer:
> https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR193
>
>
> With Regards
> Anirudha Patil
>
>
>
> On Fri, Feb 24, 2012 at 1:18 PM, Giltime9 <Ch...@yahoo.com> wrote:
>
>>
>> So I got the trust of chain certificate from verisign, import into
>> keystore
>> using keytool. How do I configure apache for ssl?
>> --
>> View this message in context:
>> http://old.nabble.com/Help-with-ssl-configuration-in-apache-tp33383337p33383337.html
>> Sent from the Apache HTTP Server - Users mailing list archive at
>> Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
--
View this message in context: http://old.nabble.com/Help-with-ssl-configuration-in-apache-tp33383337p33385637.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Help with ssl configuration in apache
Posted by Anirudha Patil <an...@gmail.com>.
Hi,
Verisign Cerificate Authority has the set of instruction, how to install
the ceriticate
Please refer:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR193
With Regards
Anirudha Patil
On Fri, Feb 24, 2012 at 1:18 PM, Giltime9 <Ch...@yahoo.com> wrote:
>
> So I got the trust of chain certificate from verisign, import into keystore
> using keytool. How do I configure apache for ssl?
> --
> View this message in context:
> http://old.nabble.com/Help-with-ssl-configuration-in-apache-tp33383337p33383337.html
> Sent from the Apache HTTP Server - Users mailing list archive at
> Nabble.com.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>