My Web Server SSL Certificate has a passphrase, how do I install it?
A Web Server SSL Certificate with a passphrase is not suitable for Statseeker as every time the Statseeker server is rebooted Apache will need to be manually started.
To remove the passphrase from the certificate:
- Copy the certificate on to the Statseeker host
- Go to the command line and run the following command in the directory where the certificate key file was placed :
openssl rsa -in <server>.key> -out <server_nopass>.key
This command will ask for the passphrase and then output a new file as per above without a passphrase.
The way the certificate is installed is by putting the certificate files into the directory /home/system/etc
Suggested procedure:
- Put the new certificate files in the to /home/system/etc/ssl_new directory with this year in their file names.
Use the <server_nopass>.key file for this.
e.g.
/home/system/etc/ssl_new/ssl_<this year>.crt
/home/system/etc/ssl_new/ssl_<thisyear>.key - Then backup the existing ssl.key and ssl.cert in /home/system/etc to the same directory.
e.g.
cp -p /home/system/etc/ssl.key /home/system/etc/ssl_new/ssl_<last-year>.crt
cp -p /home/system/etc/ssl.cert /home/system/etc/ssl_new/ssl_<last-year>.key - Then remove the existing files from the /home/system/etc directory :
rm -i /home/system/etc/ssl.key
rm -i / home/system/etc/ssl.crt - Then copy the new files in to the /home/system/etc directory:
cp -p /home/system/etc/ssl_new/ssl_<year>.key /home/system/etc/ssl.key
cp -p /home/system/etc/ssl_new/ssl_<year>.crt /home/system/etc/ssl.crt - Then as the root user restart Apache:
service apache24 restart - Check Apache is running:
service apache24 status - Then go to the Statseeker Administration GUI and on the "Web Server Configuration" page check the status of the certificate.