GlobalSign Security Solutions Secure SSL Certificates  |  Home  |  Contact Us    
Search Technical Support & FAQs  
 
Certificates SSL menu divider Enterprise Solutions SSL menu divider Partners SSL menu divider Customer Support SSL menu divider About GlobalSign

 

 

Exporting from Apache machine to Apache machine

PART 1 - Exporting from Apache server A

  1. Locate the directory that your certificate and key file are currently stored (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/).
  2. Copy the domainname.key and domainname.crt files to removable storage media, or to a network drive.

PART 2 - Importing to Apache server B

  1. Copy the domainname.key and domainname.crt to the Apache server directory in which you plan to store your certificates (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/).
  2. Open the Apache httpd.conf file in a text editor. Locate the SSL associated with your certificate. Verify that you have the following 2 directives within this virtual host. Please add them if they are not present:
    1. SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt
    2. SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domainname.key

    3. Note that some instances of Apache will store information in a httpd-ssl.conf file. If your httpd.conf contains no information then you will need to locate and amend the httpd-ssl.conf as above.

  3. Save the changes and exit the editor.
  4. Start or Restart your apache web server.

Importing a PFX into Apache with OpenSSL

PART 1 - Convert your PFX into a PEM and extract your certificates

  1. Move your PFX file into your OpenSSL/Bin directory
  2. Open OpenSSL in the command line.
  3. Type in the following command to transform the your PFX file into a PEM file:
    1. pkcs12 -in yourdomain.pfx -out yourdomain.pem

      2. (The private key will be encrypted, you can remove this by using the following -nodes command as used below)

    2. pkcs12 -nodes -in yourdomain.pfx -out yourdomain.pem
  4. Go to your OpenSSL/Bin directory and locate the yourdomain.pem file and open it in a text editor (Notepad).
  5. This PEM file contains your Private Key, your SSL certificate, your Intermediate certificate, your Cross certificate and your GlobalSign Root certificate in that order. Each of these certificates must be copied and pasted into their own file.
  6. Locate the Private Key, which includes and is defined by the text '-----BEGIN RSA PRIVATE KEY----- .... certificate contents .... -----END RSA PRIVATE KEY-----, copy the Private Key, open a new text editor, paste the Prvate Key into the text editor and Save AS yourdomain.key.
  7. Locate the SSL certificate, which includes -----BEGIN CERTIFICATE----- .... certificate contents .... -----END CERTIFICATE-----, copy the SSL certificate, open a new text editor, paste the SSL certificate into the text editor and Save AS yourdomain.crt.
    1. If you are a DomainSSL certificate customer go to http://www.globalsign.com/support/domain_bundle.html, copy the certificates from the box, open a new text editor in your OpenSSL/Bin directory and paste the certificates you have just copied into the text editor and Save As certificates.cabundle.
    2. If you are an OrganizationSSL certificate customer go to http://www.globalsign.com/support/organization_bundle.html, copy the certificates from the box, open a new text editor in your OpenSSL/Bin directory and paste the certificates you have just copied into the text editor and Save As certificates.cabundle.
    3. If you are an ExtendedSSL certificate customer go to http://www.globalsign.com/support/extended_bundle.html, copy the certificates from the box, open a new text editor in your OpenSSL/Bin directory and paste the certificates you have just copied into the text editor and Save As certificates.cabundle.

PART 2 - Assign the correct directives to your Config file

When you have made the changes detailed in PART 1, you will then need to assign the correct directives to your Config file. You may find these in your httpd.conf file or in the ssl.conf file.

  1. Open your httpd.conf file and search for the section for the site for which the SSL certificate will secure (If you cannot locate the section in your httpd.conf file, open your httpd-ssl.conf file and search for the section).
  2. Your section will need to contain the following directives:-
    1. SSLCertificateChainFile - this will need to point to the certificates.cabundle, so after the directive name enter the path and file name and remove the # from the beginning of the line.
    2. SSLCertificateFile - this will need to point to yourdomain.crt so after the directive name enter the path and file name and remove the # from the beginning of the line.
    3. SSLCertificateKeyFile - this will need to point to yourdomain.key so after the directive name enter the path and file name and remove the # from the beginning of the line.
  3. Save the changes and close the text editor.
  4. Restart Apache.

 
                 Provide Feedback
  Home | SSL Certificates | Products | Enterprise Solutions | Partners | Customer Support | About GlobalSign | Customer Login © GlobalSign. All rights reserved.  
  SSL Certificate Supported Browsers
GlobalSign Inc (a member of GMO Internet Inc group TSE:9449) offers online security services and has been operating as a
trusted Root Certification Authority for over 10 years. GlobalSign Certificates are trusted by all popular Browsers,
Operating Systems, Devices and Applications and include SSL, SSL Certificates, Extended SSL Certificates, Code Signing,
Personal Digital IDs, Enterprise Digital IDs, internal PKI & Microsoft CA root signing.		 GlobalSign WebTrust Certified Certification Authority