How do I install an SSL Certificate from a PFX file on my Linux VPS?



Max
November 19th, 2011, 05:30 PM
If you have a .PFX file for your certificate, you'll need to convert it for it to be installed on a Linux server/VPS.


Copy your PFX file to /root.
SSH into your VPS/server
Next, we're going to export the certificate key
Run:
openssl pkcs12 -in cert_name.pfx -nocerts -out cert_name.key
(replace cert_name.pfx with the name of your .PFX file, cert_name.key with the name you wish to use for the exported key)
You will be prompted for the password for this file.
Now to decrypt the private key using the file we just exported:

openssl rsa -in cert_name.key -out cert_name.decrypted.key
To extract the certificate from the .PFX file:

openssl pkcs12 -in cert_name.pfx -clcerts -nokeys -out certificate.crt


You should have 3 files:

Key file: cert_name.key
Decrypted key file: cert_name.decrypted.key
Certificate file: certificate.crt



If you are running cPanel on your VPS:

Log in as root
Under the "SSL/TLS" section, select "Install a SSL Certificate and Setup the Domain"
Copy and paste the contents of the certificate file, starting from
-----BEGIN CERTIFICATE----- and ending with
-----END CERTIFICATE-----, into the first box. cPanel should detect the domain, user and IP address. Note: the domain MUST be on a dedicated IP to install an SSL certificate.
Copy and paste the contents of the decrypted key file into the second box
If you have a CA bundle certificate file, paste the contents into the third box
Click on "Submit" at the top of this page and cPanel will install the certificate. If there are any errors, it'll let you know.


If you are NOT running cPanel on your VPS (for advanced users):

Create the following directories:
/etc/ssl/certs -- used to store the certificate files
/etc/ssl/private -- used to store the private keys
To create these directories run:

mkdir -p /etc/ssl/certs /etc/ssl/private
chmod 700 /etc/ssl/private

Copy the certificate file to /etc/ssl/certs
Copy the key file to /etc/ssl/private
Edit the Apache configuration file, which is normally in this location:
/etc/httpd/conf/httpd.conf
Create a virtual host for your site by adding the following section to your Apache configuration file:

<VirtualHost 123.123.123.123:443>
    ServerName domain.com
    ServerAlias www.domain.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/cert_file.crt
    SSLCertificateKeyFile /etc/ssl/private/key_file.key
    <Directory /var/www/html/>
        AllowOverride All
    </Directory>
    DocumentRoot /var/www/html/
    SSLProtocol +SSLv3 +TLSv1
    SSLCipherSuite RSA:!EXP:!NULL:+HIGH:-MEDIUM:-LOW
</VirtualHost>
Replace 123.123.123.123 with your static IP for this site. Change domain.com and www.domain.com to your domain name. Adjust the cert and key file names to what you have named them. Set your document root to the location of your site.
Save the file and restart Apache.
If you have any errors in your httpd.conf, Apache will let you know when you attempt to restart.
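
The PFX conversion steps in the post above, as a non-interactive script that also checks the extracted key belongs to the extracted certificate before either is installed. This is an added example, not part of the original post; the function names and the self-signed sample PFX (password constructed-pass) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Output file names follow the post;
# function names and the sample PFX are constructed for illustration.
set -eu

# Split a PFX into the post's three files without interactive prompts. The
# password is passed in an environment variable so it stays out of `ps` output.
split_pfx() {  # usage: split_pfx file.pfx password outdir
    (
        umask 077                      # files created here are owner-only
        export PFX_PASS="$2"
        openssl pkcs12 -in "$1" -nocerts -passin env:PFX_PASS \
            -passout env:PFX_PASS -out "$3/cert_name.key" &&
        openssl rsa -in "$3/cert_name.key" -passin env:PFX_PASS \
            -out "$3/cert_name.decrypted.key" &&
        openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS \
            -out "$3/certificate.crt"
    )
}

# Succeeds only when the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert key.pem cert.crt
    _k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    _c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Constructed sample input: a throwaway self-signed certificate packed into a PFX.
make_sample_pfx() {  # usage: make_sample_pfx outdir password
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=domain.com" \
        -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null &&
    PFX_PASS="$2" openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -passout env:PFX_PASS -out "$1/cert_name.pfx"
}

demo_dir=$(mktemp -d)
make_sample_pfx "$demo_dir" "constructed-pass"
split_pfx "$demo_dir/cert_name.pfx" "constructed-pass" "$demo_dir"
if key_matches_cert "$demo_dir/cert_name.decrypted.key" "$demo_dir/certificate.crt"
then echo "OK: key matches certificate"
else echo "MISMATCH: do not install this pair"
fi
rm -rf "$demo_dir"
```

A mismatch here usually means the key and certificate came from different PFX files or a renewal replaced only one of them; Apache will refuse to start with such a pair.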