Kurinchi Blogger Scribbles …


Posts Tagged ‘ssl’

May 05
2010

How to move the SSL certificates?

Last updated: May 14th, 2010

Migrating SSL certificates: CPanel, WHM

Possible Scenarios
i) Server load balancing
ii) Moving web sites between servers

Find where the SSL certificates and private keys are installed on the old server, then archive and gzip them
$ tar -czf /tmp/crt.tar.gz /etc/ssl/certs
$ tar -czf /tmp/priv.tar.gz /etc/ssl/private

On the new server, extract the certificates and keys into their respective directories. Edit the httpd.conf file and add the following lines

SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SSLCACertificateFile /etc/ssl/certs/example.com.cabundle
CustomLog /usr/local/apache/domlogs/exampleuser-ssl_log combined

Sample virtual host configuration setting

<VirtualHost xxx.xxx.xxx.xxx:443>
    ServerName subdomain.example.com
    ServerAlias www.subdomain.example.com
    DocumentRoot /home/example/public_html
    ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
    SSLCACertificateFile /etc/ssl/certs/example.com.cabundle
    CustomLog /usr/local/apache/domlogs/exampleuser-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "/home/example/public_html/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/ssl/2/exampleuser/example.com/*.conf"
</VirtualHost>

Restart Apache
$ /etc/init.d/httpd restart
(or)
$ /sbin/service httpd restart

Note: Once the SSL certificates have been moved to the new server, you can also use WHM or CPanel to configure the certs.
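
A check to run on the new server after extracting the archives and before restarting Apache: it confirms that the private key belongs to the certificate, that the key is not accessible to group or other users, and that the certificate has not expired. This is an added example, not part of the original post; the function name and return codes are assumptions of the example, and the paths in the usage comment are the sample paths from the configuration above.

```shell
#!/bin/sh
# Added example: sanity-check a migrated certificate/key pair.
# Return codes (chosen for this example):
#   0 ok, 1 file unreadable or unparsable, 2 key does not match certificate,
#   3 key accessible to group/other, 4 certificate expired.
check_migrated_pair() {
    cert=$1
    key=$2

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 1
    fi

    # Extract the public key from each file; a matching pair gives identical PEM.
    cert_pub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$key" 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not belong to $cert" >&2
        return 2
    fi

    # Mode string is e.g. "-rw-------": characters 5-10 are group/other bits.
    case "$(ls -ld "$key")" in
        ????------*) ;;
        *) echo "$key is accessible to group/other" >&2; return 3 ;;
    esac

    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
        echo "$cert has expired" >&2
        return 4
    fi
    return 0
}

# Usage: sh check_pair.sh /etc/ssl/certs/example.com.crt /etc/ssl/private/example.com.key
if [ "$#" -eq 2 ]; then
    check_migrated_pair "$1" "$2"
fi
```

A return code of 2 usually means a key from a different domain was paired with the certificate during extraction; fix the SSLCertificateKeyFile path before restarting.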

Feb 03
2010

SSL Error: Revocation information for the security certificate for this site is not available.

Last updated: February 4th, 2010

SSL Error: Revocation information for the security certificate for this site is not available. Do you want to proceed?

Solutions:
i) Install the root CA under Trusted Certificate Authority or,
ii) Add an exception to the browser filter not to check certificate revocation or,
iii) Programmatically handle the SSL stream when the request is made from the server

Nov 16
2009

SSL: Points to consider before choosing the right certificate

Last updated: November 16th, 2009

Points to consider before choosing the SSL certificate

i) Strength of the encryption offered by the certificates

ii) Browser compatibility or recognition of the certificates. A well-known brand is recognized by most of the browsers in the market

iii) If the certificate offers backward compatibility across browsers offering

iv) Whether the Certification Authority (CA) is a Trusted Root or uses Chained Root Certificates.

v) Which web server will be used for the SSL installation. Chained root certificates may be a little complicated on some web servers.

vi) Nature of the application that will be served over SSL, depending on the volume of the transactions and the value of each transaction

vii) Warranty offered by the certificate (if that matters, which it most certainly does when it comes to ECommerce products)

