
01 June 2015

Renewing SSL on iPlanet

Cert renewal in iPlanet

Locate certutil, then list all the certificates in the keystore:
find . -name certutil
/certutil -L -d /Instance_path/ -P instance_name

Listing the details of Server-Cert:
/certutil -L -n Server-Cert -d /instance-name/ -P instance-name-

Generating a CSR and writing it to the file serverCert.req:
/certutil -R -s "CN=abc.com,OU=IT, O=CTS, l=Bangalore, st=karnataka, c=IN" -o /instance_path/serverCert.req -a -d /instance_path/ -P instance -g 2048

Deleting the existing cert with name Server-Cert
/certutil -D -n Server-Cert -d /Instance-Name/ -P instance-name-

Import the cert
/certutil -A -n Server-Cert -t "u,u,u" -i /instance-path/instance.pem -d /instance-name -P https-instance

Copy the certificate databases (instance-cert8.db and instance-key8.db) to the alias directory.

Recycle (restart) the instance.

25 November 2014

Apache SSL Installation Instructions

Save the primary and intermediate certificates to a folder on the server with the private key.

Open the Apache configuration file, httpd.conf, in a text editor. In most cases the <VirtualHost> blocks will be at the bottom of httpd.conf. Sometimes you will find the <VirtualHost> blocks in a separate file in a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/, or in a file called ssl.conf.

If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and change the port from port 80 to 443.

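Then add the following lines:

<VirtualHost 192.168.0.1:443>
    DocumentRoot "/var/www/htdocs"
    ServerName www.domain.com
    SSLEngine on
    # Primary (server) certificate for the domain
    SSLCertificateFile "/etc/ssl/crt/primary.crt"
    # Private key generated together with the CSR
    SSLCertificateKeyFile "/etc/ssl/crt/private.key"
    # Intermediate certificate supplied by the certificate authority
    SSLCertificateChainFile "/etc/ssl/crt/intermediate.crt"
</VirtualHost>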


Change the names of the files and paths to match your certificate files:
SSLCertificateFile should be your primary certificate file for your domain name.
SSLCertificateKeyFile should be the key file generated when you created the CSR.
SSLCertificateChainFile should be the intermediate certificate file (if any) that was supplied by your certificate authority.
(The first directive tells Apache how to find the server certificate file, the second one where the private key is located, and the third line the location of the Trust CA Bundle.)

Save the changes and exit the text editor.
After making changes to your config file it is good practice to check the file for syntax errors using apachectl configtest. The command will return Syntax OK if there are no errors.
Restart your Apache web server using one of the following commands:

$ /bin/apachectl startssl
$ /bin/apachectl restart


Note: make sure mod_ssl.so is uncommented in httpd.conf.

Additionally, you can generate your own Apache self-signed certificate.

Once you have OpenSSL installed, just run this one command to create an Apache self signed certificate:

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout mysitename.key -out mysitename.crt

You will be prompted to enter your organizational information and a common name. The common name should be the fully qualified domain name for the site you are securing (www.mydomain.com). You can leave the email address, challenge password, and optional company name blank.
When the command is finished running, it will create two files:
mysitename.key
mysitename.crt (the self-signed certificate file, which is valid for 365 days)
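
The install steps above only work if SSLCertificateFile and SSLCertificateKeyFile point at a matching pair. The script below is an added example, not part of the original post: it checks that a certificate and key belong together, that the certificate is not about to expire, and that the key file is closed to group and other. The function names and demo file names are assumptions, and the sample pairs are throwaway self-signed ones built with the openssl command shown above.

```shell
#!/bin/sh
# Added example: pre-restart checks for the files named by SSLCertificateFile
# and SSLCertificateKeyFile. Function and demo file names are assumptions.

# Succeeds only if the certificate's public key equals the private key's public key.
# Returns 2 if either file cannot be parsed (an encrypted key prompts for its passphrase).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Succeeds if the key file grants no permissions to group or other.
key_is_private() {
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input: two throwaway self-signed pairs made with the
# page's own openssl command (plus -subj so it runs without prompts).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
for name in site other; do
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$name.example" \
        -keyout "$demo/$name.key" -out "$demo/$name.crt" 2>/dev/null
done
chmod 600 "$demo/site.key"
chmod 644 "$demo/other.key"

check() {  # print OK or FAIL for one named check
    label=$1; shift
    if "$@"; then echo "OK    $label"; else echo "FAIL  $label"; fi
}
check "site.crt matches site.key"          cert_matches_key "$demo/site.crt" "$demo/site.key"
check "site.crt matches other.key"         cert_matches_key "$demo/site.crt" "$demo/other.key"
check "site.crt valid for 30 more days"    cert_valid_for_days "$demo/site.crt" 30
check "site.crt valid for 400 more days"   cert_valid_for_days "$demo/site.crt" 400
check "site.key closed to group/other"     key_is_private "$demo/site.key"
check "other.key closed to group/other"    key_is_private "$demo/other.key"
```

On a real server, call the three functions with the paths from your <VirtualHost> block before running apachectl configtest, which checks syntax only.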

Br,
Punit