Instructions on how to add CA certificates into a SSLCACertificateFile from Trustis.com.
Installing CA certificates
On startup, Stronghold loads CA certificates from the file specified by the SSLCACertificateFile entry in its ‘httpd.conf’ file.
To install the PEM format bundled CA certificate file, reference it in the httpd.conf file. as follows
- Ensure that you have saved the PEM format bundled CA certificate as a text file.
- Open your ‘httpd.conf’ file and find the SSLCACertificateFile entry. By default the entry will be SSLCACertificateFile=’/ssl/CA/client-rootcerts.pem’. You will find ‘httpd.conf’ in the directory /conf.
- Open the file identified by SSLCACertificateFile (for example, /ssl/CA/client-rootcerts.pem) in a text editor.
- Open the file that contains the PEM format bundled CA certificates (e.g. cachainpem.txt) in a text editor.
- Copy the contents of this PEM format bundled CA certificate file
(including all the ‘—–BEGIN CERTIFICATE—–‘ and ‘—–END CERTIFICATE—–‘ lines)
to the clipboard.
- Now Paste what you have just copied into the file identified by SSLCACertificateFile.
In most cases you will want to insert the bundle CA certificate at the end of the file and add a comment to identify the certificate.
- Save the modified file and close the text editor.
- Restart your web server.
List of commands from a citrix website to convert SSL certificates from one format to another.
Use the openssl command to convert between formats as follows:
- To convert a certificate from PEM to DER:
- x509 –in input.crt –inform PEM –out output.crt –outform DER
- To convert a certificate from DER to PEM:
- x509 –in input.crt –inform DER –out output.crt –outform PEM
- To convert a key from PEM to DER:
- rsa –in input.key –inform PEM –out output.key –outform DER
- To convert a key from DER to PEM:
- rsa –in input.key –inform DER –out output.key –outform PEM