Page 1 of 1

SSL on 3.0.2.5 - how to?

Posted: 04 Nov 2018 19:47
by bostjanc
Hi there.
I am trying to replace SSL certificate on EFA.
What I did:
into /etc/pki/tls/certs/localhost.crt i have overwritten my crt certificate from Comodo (its a wildcard)
and into /etc/pki/tls/certs/ca-bundle.crt i have overwritted CA crt from Comodo

rebooted server, but https://efa.domain.com does not open.
What am I doing wrong?

Re: SSL on 3.0.2.5 - how to?

Posted: 06 Nov 2018 14:37
by thewomble
Is Apache running?

service httpd start

or service httpd restart

does that throw any errors?

Re: SSL on 3.0.2.5 - how to?

Posted: 08 Nov 2018 10:55
by bostjanc
Thanks for the reply. Will need to check.
Is the approach even correct for changing cert on EFA or does it needs to be done on some other places/config files?
With best regards
B

Re: SSL on 3.0.2.5 - how to?

Posted: 09 Nov 2018 15:02
by thewomble
If you are using the same certificate for both TLS (mail) and HTTPS (web)

You have to make sure you have the appropiate lines in main.cf for the mail

and httpd.conf / or / ssl.conf for apache

I use a Digicert wildcard to do the same.

Re: SSL on 3.0.2.5 - how to?

Posted: 15 Jan 2019 16:10
by jkissane
Old topic I know but I just did this to get rid of the warning when users connect to the server to check spam etc. Where I work can generate our own certs so all I had to do was change three lines in the ssl.conf file:

SSLCertificateFile /etc/pki/tls/certs/efa_domainname_ie.crt
SSLCertificateKeyFile /etc/pki/tls/private/efa.domainname.ie.key
SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt

Restarted apache & all was well.

Re: SSL on 3.0.2.5 - how to?

Posted: 15 Jan 2019 16:28
by bostjanc
Thanks. Didnt have time to implement it yet but I will definetly use your tip. With best regards B

Re: SSL on 3.0.2.5 - how to?

Posted: 08 Jan 2020 12:35
by bostjanc
Thanks, it helped