Issue
I purchased a Godaddy Certificate, I correctly installed it on my Mac Server, so now I see 2 entry within Keychain Application:
- Go Daddy Secure Certification Authority
- mydomain
- mydomain (private key)
Then I added the certificate (mydomain.com) to a VirtualHost of httpd.conf file, so:
<VirtualHost *:443>
DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
ServerName mydomain.com
ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
CustomLog "/private/var/log/apache2/mydomain.com-access_log" common
SSLCertificateFile /etc/apache2/mydomain.cer
JkMountCopy On
JkMount /* ajp13
</VirtualHost>
Then, I guess, I also need the private key file, otherwise Apache fails to handle the certificate. How to do this? I can save the certificates from Apple Keychain into .pem and .cer file.
Solution
In the Keychain, export your private key and certificate in PKCS#12 format (.p12 file, Personal Information Exchange). You should be able to do this using by expanding your private key entry (in Keychain Access), right-clicking on its certificate and using Export. It will probably ask you for a password to protect this p12 file.
Then, in the Terminal, extract the private key using OpenSSL:
umask 0077
openssl pkcs12 -in filename.p12 -nocerts -nodes -out filename-key.pem
umask 0022
- Note that you should protect this file, since the private key will not be password protected (so that it can be used by Apache Httpd).
Similarly, for the certificate (although it seems you may already have it in PEM format, so you might not need this step):
openssl pkcs12 -in filename.p12 -clcerts -nokeys -out filename-cert.pem
Then, set the SSLCertificateFile
(cert) and SSLCertificateKeyFile
(private key) options to point to these files in your Apache Httpd configuration.
Answered By - Bruno Answer Checked By - Timothy Miller (PHPFixing Admin)
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.