Installing CA certificates

Instructions on how to add CA certificates into a SSLCACertificateFile from Trustis.com.

On startup, Stronghold loads CA certificates from the file specified by the SSLCACertificateFile entry in its ‘httpd.conf’ file.
To install the PEM format bundled CA certificate file, reference it in the httpd.conf file as follows:

  • Ensure that you have saved the PEM format bundled CA certificate as a text file.
  • Open your ‘httpd.conf’ file and find the SSLCACertificateFile entry.  By default the entry will be SSLCACertificateFile=’/ssl/CA/client-rootcerts.pem’.  You will find ‘httpd.conf’ in the directory /conf.
  • Open the file identified by SSLCACertificateFile (for example, /ssl/CA/client-rootcerts.pem) in a text editor.
  • Open the file that contains the PEM format bundled CA certificates (e.g. cachainpem.txt) in a text editor.
  • Copy the contents of this PEM format bundled CA certificate file
    (including all the ‘-----BEGIN CERTIFICATE-----’ and ‘-----END CERTIFICATE-----’ lines)
    to the clipboard.
  • Now paste what you have just copied into the file identified by SSLCACertificateFile.
    In most cases you will want to insert the bundled CA certificates at the end of the file and add a comment to identify them.
  • Save the modified file and close the text editor.
  • Restart your web server.
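
The procedure above as a script, with the check a paste-based edit skips: every certificate in the bundle is parsed and its subject, expiry and SHA-256 fingerprint printed, so they can be compared with the values the CA publishes before anything is appended. This is an added example, not from the original page; the function names and demo file names are assumptions, and the demo CAs are generated on the spot.

```shell
#!/bin/sh
# Added example, not from the original page. Paths come from the caller;
# the demo builds throwaway CAs in a temporary directory.

# append_ca_bundle BUNDLE TRUSTFILE LABEL
# Prints subject, expiry and SHA-256 fingerprint of every certificate in BUNDLE,
# refuses damaged or expired ones, then appends BUNDLE under a comment line.
append_ca_bundle() {
    bundle=$1; trust=$2; label=$3; count=0
    work=$(mktemp -d) || return 1
    # Split the bundle into one file per BEGIN/END block.
    awk -v d="$work" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
        f != "" { print > f }
        /-----END CERTIFICATE-----/ { if (f != "") close(f); f = "" }' "$bundle"
    for c in "$work"/*.pem; do
        [ -e "$c" ] || break
        # Parsing fails on a truncated block, a typical copy-and-paste accident.
        openssl x509 -in "$c" -noout -subject -enddate -fingerprint -sha256 &&
            openssl x509 -in "$c" -noout -checkend 0 >/dev/null || { count=0; break; }
        count=$((count + 1))
    done
    rm -rf "$work"
    [ "$count" -gt 0 ] || return 1
    [ ! -f "$trust" ] || cp -p "$trust" "$trust.bak"   # keep the previous trust list
    { printf '\n# %s, added %s\n' "$label" "$(date +%Y-%m-%d)"; cat "$bundle"; } >> "$trust"
}

# Throwaway self-signed CA (constructed sample input): make_demo_ca PREFIX NAME
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Demo: a trust file holding one CA receives a second; a truncated copy is refused.
demo_append() {
    d=$(mktemp -d) || return 1
    make_demo_ca "$d/old" "Constructed Old CA" && make_demo_ca "$d/new" "Constructed New CA" || return 1
    cp "$d/old.pem" "$d/client-rootcerts.pem"
    sed '$d' "$d/new.pem" > "$d/truncated.pem"    # copy with the END line lost
    append_ca_bundle "$d/truncated.pem" "$d/client-rootcerts.pem" "bad copy" 2>/dev/null && return 1
    append_ca_bundle "$d/new.pem" "$d/client-rootcerts.pem" "Constructed New CA" || return 1
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$d/client-rootcerts.pem")
    rm -rf "$d"
    [ "$n" -eq 2 ]    # both CAs are now in the trust file
}

demo_append && echo "trust file updated, truncated bundle refused"
```

The comment line is safe to leave in the file because OpenSSL's PEM reader skips text outside the BEGIN/END blocks.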

Convert SSL certificate formats.

List of commands from a Citrix website to convert SSL certificates from one format to another.

Procedure

Use the openssl command to convert between formats as follows:

  1. To convert a certificate from PEM to DER:
     openssl x509 -in input.crt -inform PEM -out output.crt -outform DER
  2. To convert a certificate from DER to PEM:
     openssl x509 -in input.crt -inform DER -out output.crt -outform PEM
  3. To convert a key from PEM to DER:
     openssl rsa -in input.key -inform PEM -out output.key -outform DER
  4. To convert a key from DER to PEM:
     openssl rsa -in input.key -inform DER -out output.key -outform PEM
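
A wrapper around the four commands above that checks each conversion: the certificate fingerprint and the key's RSA modulus must be the same before and after, and converted keys are created readable by the owner only, because openssl rsa does not passphrase-protect its output unless a cipher option is given. This is an added example, not from the Citrix page or the original post; the function names and demo file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. File names are the caller's.

# SHA-256 fingerprint of a certificate stored in the given format (PEM or DER).
cert_fp() { openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256; }

# Digest of the RSA modulus of a private key stored in the given format.
key_id() { openssl rsa -in "$1" -inform "$2" -noout -modulus 2>/dev/null | openssl dgst -sha256; }

# Same digest taken from a PEM certificate, to pair a certificate with its key.
cert_key_id() { openssl x509 -in "$1" -noout -modulus | openssl dgst -sha256; }

# convert_cert IN INFORM OUT OUTFORM
# Converts, then confirms the fingerprint is the same before and after.
convert_cert() {
    openssl x509 -in "$1" -inform "$2" -out "$3" -outform "$4" || return 1
    [ "$(cert_fp "$1" "$2")" = "$(cert_fp "$3" "$4")" ]
}

# convert_key IN INFORM OUT OUTFORM
# The output carries no passphrase, so it is created under umask 077
# (owner read/write only). An existing output file keeps its old mode.
convert_key() {
    ( umask 077; openssl rsa -in "$1" -inform "$2" -out "$3" -outform "$4" 2>/dev/null ) || return 1
    [ "$(key_id "$1" "$2")" = "$(key_id "$3" "$4")" ]
}

# Demo on a throwaway key and self-signed certificate (constructed sample input).
demo_convert() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=constructed.example" \
        -keyout "$d/input.key" -out "$d/input.crt" 2>/dev/null || return 1
    convert_cert "$d/input.crt" PEM "$d/output.der" DER &&
    convert_cert "$d/output.der" DER "$d/roundtrip.crt" PEM &&
    convert_key  "$d/input.key" PEM "$d/output.key.der" DER &&
    convert_key  "$d/output.key.der" DER "$d/roundtrip.key" PEM &&
    [ "$(cert_key_id "$d/roundtrip.crt")" = "$(key_id "$d/roundtrip.key" PEM)" ]
    rc=$?; rm -rf "$d"; return $rc
}

demo_convert && echo "conversions verified"
```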

Change location of Apache2.2 doc_root on Ubuntu 6.06

By default, when you first get Apache2.2 installed and running correctly on Ubuntu 6.06, the doc_root (document root) is set to /var/www/apache2-default. That means that in order to navigate to the default page to see if your install is working, you have to go to http://localhost/apache2-default/ instead of just http://localhost. Ugh.

I don’t want to have to append the /apache2-default directory to my url when I am testing, or working with content on my Apache2.2 server. So, that value just had to be changed.

In the Ubuntu 6.06 installation of Apache2.2, the DocumentRoot value is set in a file called “default” located in the /etc/apache2/sites-available directory. Presumably this file is configurable to accommodate multiple DocumentRoot values for different URLs being served by the same Apache2.2 server.

Once I had changed the DocumentRoot value in the “default” file to /var/www, I then copied all of the files in the /apache2-default directory into its parent directory one level above:

/var/www# cp apache2-default/* .

Note, that is a period at the end to signify the current directory in Linux.

Summary:

File: default

Location: /etc/apache2/sites-available

Stop & Start Apache2.2 on Ubuntu 6.06

In my last post I discussed where exactly the Apache2.2 executable was located in an Ubuntu 6.06 installation. (This assumes you have installed Apache2.2 at the time of installation, or at some point subsequent.) Once you have actually installed Apache2.2 – and know where it is located on your system – you are ready to start, stop, and restart the application.

Apache advises invoking the httpd daemon via the apachectl script. The syntax to stop, start, and restart Apache2.2 is the executable script name followed by the parameter “-k” and then the action you wish to take [start/stop/restart]. For starting the httpd daemon, you can pass the “-f” parameter to indicate the location of the configuration file to be used for start-up, and omit the “start” action command. (I assume it is implied.)

The commands look like this:

/usr/sbin# ./apachectl -f /etc/apache2/apache2.conf

/usr/sbin# ./apachectl -k stop

/usr/sbin# ./apachectl -k restart

If you want to do things “gracefully” – and who doesn’t – you can issue the commands to stop and restart Apache2.2 in a graceful manner. That is, the parent process “advises” the child processes to stop when they have finished serving up what they’ve got, and all others to stop immediately.

To do a graceful restart:

/usr/sbin# ./apachectl -k graceful

To do a graceful shutdown:

/usr/sbin# ./apachectl -k graceful-stop

Here is the actual manual for running Apache 2.2.

Location of Apache2.2 installation on Ubuntu 6.06

First off, Apache2.2 wasn’t installed in my default installation of Ubuntu 6.06. The reason this surprised me was because a) it was part of the default installation in Fedora, and b) there were various configuration files and directories which indicated that it should have been installed.

After I ran the installation of Apache2.2 via Synaptic, I needed to know where to go to stop and start the http server.

First, the aforementioned configuration files are located at:

/etc/apache2

The Apache2.2 executable(s) are located at:

/usr/sbin

Add index.php to DirectoryIndex in Apache2.2 httpd.conf on Windows

If you want to give Apache2.2 the ability to serve up an index.php file by default, in addition to index.html, you must add “index.php” to the DirectoryIndex entry in the httpd.conf file for Apache2.2.

The entry needs to look something like this:

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>