7010584: How to setup SSL certificate for apache

This document (7010584) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server
Novell Open Enterprise Server
Novell GroupWise

Situation

How to SSLize WebAccess on Linux

How to secure WebAccess using SSL
GroupWise WebAccess shows untrusted certificate after pointing to 3rd party certificate using ConsoleOne for WebAccess Agent

Resolution

  1. (conditional) If not yet configured, Enable the SSL module and set the Apache Server Flags to SSL:
  • From a terminal window: edit file /etc/sysconfig/apache2
  • Verify ssl is found in the list of APACHE_MODULES.

    Note: If it is not, please run the following command, which should enable the ssl module and add it to this list:

    sudo a2enmod ssl
  • From this same file, please find APACHE_SERVER_FLAGS=”” and add SSL in between the quotations.
  • Create a virtual host for ssl by copying from the template:

    cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/vhost-ssl.conf

  • Configure Apache to use new certificate files:
    • From a terminal window: cd /etc/apache2/vhosts.d/
    • Edit file vhost-ssl.conf
    • Update paths to the appropriate file(s) as needed:
      • SSLCertificateFile <directory to the cert (*.cert)>
      • SSLCertificateKeyFile <path to the private key (*.key)>
      • SSLCertificateChainFile <path to CA Chain file(s)>
      • SSLCACertificateFile <path to bundles>
    • Save and Close.
    • From a Terminal window: type rcapache2 restart and press Enter.

    Additional Information

    How to setup Apache using a single PEM file, if so desired.

    Replace Step 2 above with the following:

    1. See TID 7013103 – How to create a .pem file for SSL Certificate Installations
    2. Point Apache to the New PEM:
      • From a terminal window: type cd /etc/apache2/vhosts.d/ and press Enter.
      • Edit file vhost-ssl.conf
      • Find and replace with the path to the same file:
        • SSLCertificateFile <path to the server.pem>
        • SSLCertificateChainFile <path to the server.pem>
      • Comment out any other Certificate configuration (pem created above includes them):
        • SSLCertificateKeyFile
        • SSLCACertificateFile
      • Save and Close.
      • From a Terminal window: type rcapache2 restart and press Enter.

    Disclaimer

    This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

    Related:

    Leave a Reply