SSL on 3.0.2.5 - how to?

Questions and answers about how to do stuff
Post Reply
bostjanc
Posts: 97
Joined: 01 Jun 2016 17:18

SSL on 3.0.2.5 - how to?

Post by bostjanc » 04 Nov 2018 19:47

Hi there.
I am trying to replace SSL certificate on EFA.
What I did:
into /etc/pki/tls/certs/localhost.crt i have overwritten my crt certificate from Comodo (its a wildcard)
and into /etc/pki/tls/certs/ca-bundle.crt i have overwritted CA crt from Comodo

rebooted server, but https://efa.domain.com does not open.
What am I doing wrong?

thewomble
Posts: 43
Joined: 17 Jan 2017 12:52

Re: SSL on 3.0.2.5 - how to?

Post by thewomble » 06 Nov 2018 14:37

Is Apache running?

service httpd start

or service httpd restart

does that throw any errors?

bostjanc
Posts: 97
Joined: 01 Jun 2016 17:18

Re: SSL on 3.0.2.5 - how to?

Post by bostjanc » 08 Nov 2018 10:55

Thanks for the reply. Will need to check.
Is the approach even correct for changing cert on EFA or does it needs to be done on some other places/config files?
With best regards
B

thewomble
Posts: 43
Joined: 17 Jan 2017 12:52

Re: SSL on 3.0.2.5 - how to?

Post by thewomble » 09 Nov 2018 15:02

If you are using the same certificate for both TLS (mail) and HTTPS (web)

You have to make sure you have the appropiate lines in main.cf for the mail

and httpd.conf / or / ssl.conf for apache

I use a Digicert wildcard to do the same.

jkissane
Posts: 7
Joined: 14 Dec 2018 10:32

Re: SSL on 3.0.2.5 - how to?

Post by jkissane » 15 Jan 2019 16:10

Old topic I know but I just did this to get rid of the warning when users connect to the server to check spam etc. Where I work can generate our own certs so all I had to do was change three lines in the ssl.conf file:

SSLCertificateFile /etc/pki/tls/certs/efa_domainname_ie.crt
SSLCertificateKeyFile /etc/pki/tls/private/efa.domainname.ie.key
SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt

Restarted apache & all was well.

bostjanc
Posts: 97
Joined: 01 Jun 2016 17:18

Re: SSL on 3.0.2.5 - how to?

Post by bostjanc » 15 Jan 2019 16:28

Thanks. Didnt have time to implement it yet but I will definetly use your tip. With best regards B

Post Reply