[CentOS] Export/Import wild card SSL
tony at softins.co.uk
Wed Oct 24 04:44:23 EDT 2012
In article <0DFC5E1E-DFC7-4F90-A79E-B3CFB341CAF2 at gmail.com>,
aurfalien <aurfalien at gmail.com> wrote:
> On Oct 23, 2012, at 3:19 PM, John R Pierce wrote:
> > On 10/23/12 3:09 PM, aurfalien wrote:
> >> I don't see any ref to the servers name that its running on.
> > the subject, and subject alternative names.
> BTW, sorry for the mis information, but my certificate file are actually;
> commercial.csr and commercial.key
> Sorry for the mis information.
> The ca files are self signed files of come kind and not my actual used cert files.
Since you have an existing working server, you have a good starting point.
As the certificates are wildcard for *.domain.com (for example), you can
use them unchanged on any server that has a name within domain.com.
Firstly you need to copy the certificate, the private key and any intermediate
certificate bundle (such as gd_bundle.crt) from the old server to the new one.
On CentOS5, the certificate and bundle go in /etc/pki/tls/certs, and the key
goes in /etc/pki/tls/private. On CentOS4, the directories were actually
/etc/httpd/conf/ssl.crt and /etc/httpd/conf/ssl.key respectively.
Then you also need to update the Apache configuration to use the certificates.
This will either be in /etc/httpd/conf.d/ssl.conf (most likely), or else in
/etc/httpd/conf/httpd.conf itself. Just search for the certificate, key and
bundle filenames to find the relevant directives and edit the matching file
on the new server to include the same directives. They will probably look
something like this:
By the way, in your posting above, you said commercial.csr - this would be the
original Certificate Signing Request. You need the actual signed certificate,
which would be in commercial.crt.
But in any case, look for those SSLCertificate directives and they will point
you to the actual files that need copying over.
Hope this helps!
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
More information about the CentOS