Posts Tagged ‘ssl’

May 05, 2010

How to move the SSL certificates?

Migrating SSL certificates: CPanel, WHM

Possible Scenarios
i) Server load balancing
ii) Moving web sites between servers

Find where the SSL certificates and private keys are installed on the old server, then archive each directory as a gzipped tarball:
$ tar -czf /tmp/crt.tar.gz /etc/ssl/certs
$ tar -czf /tmp/priv.tar.gz /etc/ssl/private

On the new server, extract the certificates and keys to their respective directories. Edit the httpd.conf file and add the following lines:

SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SSLCACertificateFile /etc/ssl/certs/example.com.cabundle
CustomLog /usr/local/apache/domlogs/exampleuser-ssl_log combined

Sample virtual host configuration setting

<VirtualHost xxx.xxx.xxx.xxx:443>
    ServerName subdomain.example.com
    ServerAlias www.subdomain.example.com
    DocumentRoot /home/example/public_html
    ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
    SSLCACertificateFile /etc/ssl/certs/example.com.cabundle
    CustomLog /usr/local/apache/domlogs/exampleuser-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "/home/example/public_html/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/ssl/2/exampleuser/example.com/*.conf"
</VirtualHost>

Restart Apache:
$ /etc/init.d/httpd restart
(or)
$ /sbin/service httpd restart

Note: After moving the SSL certificates to the new server, you can also use WHM or CPanel to configure the certs.
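
An added example (not from the original post) of packing a certificate or key directory for the move and checking the result on the new server before restarting Apache. The function names are hypothetical, the archive stores paths relative to the parent directory, and `cert_matches_key` assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; all paths are supplied by the caller.

# Archive a directory; umask 077 makes the archive 0600 because it may hold private keys.
pack_dir() {    # pack_dir <source-dir> <archive>
    ( umask 077 && tar -czf "$2" -C "$(dirname "$1")" "$(basename "$1")" )
}

# Extract on the new server, keeping the recorded file modes (-p).
unpack_dir() {  # unpack_dir <archive> <parent-dir>
    tar -xzpf "$1" -C "$2"
}

# Sorted SHA-256 manifest of every file under a directory.
manifest() {    # manifest <dir>
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 )
}

# Succeed only if both directories hold byte-identical files.
same_contents() {   # same_contents <old-dir> <new-dir>
    [ "$(manifest "$1")" = "$(manifest "$2")" ]
}

# Succeed only if every file in the key directory is mode 0600 or 0400.
keys_private() {    # keys_private <key-dir>
    loose=$(find "$1" -type f ! -perm 600 ! -perm 400)
    [ -z "$loose" ] || { printf 'too permissive: %s\n' "$loose" >&2; return 1; }
}

# Succeed only if the certificate and the private key carry the same public key.
cert_matches_key() {    # cert_matches_key <cert.crt> <key.key>
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}
```

Run `cert_matches_key` on each certificate/key pair named in the virtual host before the restart; a mismatched pair prevents Apache from starting the SSL virtual host.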

Feb 03, 2010

SSL Error: Revocation information for the security certificate for this site is not available.

SSL Error: Revocation information for the security certificate for this site is not available. Do you want to proceed?

Solutions:
i) Install the root CA under Trusted Certificate Authority, or
ii) Add an exception to the browser filter not to check certificate revocation, or
iii) Programmatically handle the SSL stream when the request is made from the server

Nov 16, 2009

SSL: Points to consider before choosing the right certificate

Points to consider before choosing the SSL certificate

i) Strength of the encryption offered by the certificates

ii) Browser compatibility or recognition of the certificates. A well-known brand is recognized by most of the browsers in the market

iii) If the certificate offers backward compatibility across browsers offering

iv) Whether the Certification Authority (CA) is a Trusted Root or uses Chained Root Certificates.

v) Which web server will be used for SSL installation. Chained root certificates may be a little complicated on some web servers.

vi) Nature of the application that will be served over the SSL – depending on the volume of the transactions and the value of each transaction

vii) Warranty offered by the certificate (if that matters, which it most certainly does when it comes to ECommerce products)
