On February 24, 2012 10:23 , Giltime9 <Chrisluc168@xxxxxxxxx> wrote:
But again it is the trust of chain That I have. Do I consider it is just the certificate? Also do I need to import it into keystore? Also is the keystore I generate considered athe private key?
Apache HTTP Server does not use a keystore. Also, a keystore is not the same as a private key. A keystore contains the private key, the certificate, and the chain of trust all in a single binary file. Keystores, as created by the keytool program, are normally used by Java programs. But, again, Apache will not use a keystore (Apache is written in C), so stop trying to create one.
Use the SSLCertificateKeyFile directive to point Apache at the PEM-encoded key file that you generated before you created the Certificate Signing Request that you sent to Verisign. If you never had a PEM-encoded key file, then export the private key from the keystore into a PEM-encoded key file.
Verisign will have sent you the certificate in PEM-encoded format. Use the SSLCertificate file directive to point Apache to this file.
Finally, Versign will have either sent you or provided you a link to a file containing all of the intermediate and root CA certificates that were used to sign your certificate. Each certificate in this file will be in PEM-encoded format. This is the "chain of trust". Use the SSLCertificateChainFile directive to point Apache at this file. (There are other ways to handle the chain of trust, but I'm keeping things simple for the purposes of this discussion).
I hope this helps. -- Mark Montague mark@xxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|