My activities

Replace the Default SSL Certificate

  1. Generate a private key. If openssl has been installed on the server, the following command must be used. Replace "hello" with your desired passphrase:

    openssl req -x509 -newkey rsa:4096 -sha256 -keyout server.key -passout pass:hello
  2. Create a Certificate Signing Request (CSR) with the private key. If you're using openssl, this can be done by running:

    openssl req -key server.key -new -out server.csr
    • Enter the passphrase you generated above; e.g. "hello."
    • Enter values when prompted. The fully qualified domain name (FQDN) of the server (e.g. agiliance.customer.com) must be used as the Common Name in the certificate request.
  3. Send the CSR file to your certificate authority (CA) to be signed. In return, the CA will provide you with a CRT certificate file (e.g., server.crt).
  4. Backup the existing server.key and server.crt files in %AGILIANCE_HOME%\Apache2\conf and place the new .key and .crt files in this directory. If possible, call the new files server.key and server.crt, respectively. If the CA provides a .cer file, then the extension can be renamed.
  5. Edit %AGILIANCE_HOME%\Apache2\conf\extra\passphrase.bat and replace the existing passphrase string "agiliance" (default) with the passphrase used to create the private key. Save the file.
  6. If an external trusted CA, such as Verisign, provides an intermediate CA certificate, then this can be enabled by modifying the httpd-ssl.conf file located in %AGILIANCE_HOME%\Apache2\conf\extra\ to uncomment this line and supply the path to the intermediate CA certificate:

    # SSLCertificateChainFile conf/cacert.crt
  7. Restart the Apache2.2 service.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Powered by Zendesk