Kurinchi Blogger Scribbles ... » ssl

How to move the SSL certificates?

kurinchilamp — Thu, 06 May 2010 00:29:01 +0000

Migrating SSL certificates: CPanel, WHM

Possible Scenarios
i) Server load balancing
ii) Moving web sites between servers

Find where the SSL certificates, private keys are installed in the old server and gzip the certs
$ tar -zxcf /tmp/crt.tar.gz /etc/ssl/certs
$ tar -zxcf /tmp/priv.tar.gz /etc/ssl/private

In the new server, extract the certificates and keys to its respective folder location. Edit httpd.conf file and add the following lines

SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SSLCACertificateFile /etc/ssl/certs/example.com.cabundle
CustomLog /usr/local/apache/domlogs/exampleuser-ssl_log combined

Sample virtual host configuration setting


    ServerName subdomain.example.com
    ServerAlias www.subdomain.example.com
    DocumentRoot /home/emaple/public_html
    ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
   SSLCACertificateFile /etc/ssl/certs/example.com.cabundle
  CustomLog /usr/local/apache/domlogs/exampleuser-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    
        SSLOptions +StdEnvVars
    

    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/ssl/2/exampleuser/example.com/*.conf"

Restart apache
$ /etc/init.d/httpd restart
(or)
$ /sbin/service httpd restart

Note: Once moving the SSL certificates to the new server, you can also use WHM or CPanel to configure the certs.

SSL Error: Revocation information for the security certificate for this site is not available.

kurinchilamp — Wed, 03 Feb 2010 09:51:31 +0000

SSL Error: Revocation information for the security certificate for this site is not available. Do you want to proceed?

Solutions:
i) Install the root CA under Trusted Certificate Authority or,
ii) Add an exception to the browser filter not to check certificate revocation or,
iii) Programatically handle the SSL stream when request is made from the server

SSL: Points to consider before choosing the right certificate

kurinchilamp — Tue, 17 Nov 2009 01:00:58 +0000

Points to consider before choosing the SSL certificate

i) Strength of the encryption offered by the certificates

ii) Browser comptability or recognition of the certificates. A well known brand is recognized by most of the browsers in the market

iii) If the certificate offers backward comptability across browsers offering

iv) Whether the Certification Authority (CA) is a Trusted Root or if they use a Chained Root Certificates.

v) Which web server will be used for SSL installation. Chained root certificates may be little complicated on some web servers.

vi) Nature of the application that will be served over the SSL – depending on the volume of the transactions and the value of each transaction

vii) Warranty offered by the certificate (if that matters which most certainly is when it comes to ECommerce products)