How to add certificate file and its key on httpd server database in Linux ?

In this article, we will see an interesting topic how to add certificate file and its key on HTTPD server DB in Linux.

Prerequisite: -Get your new certificate and key before.

Lets see how to check and update the certificate step by step.

 

1. First check out the old certificate details.

# certutil -L -d /etc/httpd/alias -n Server-Cert

 

2. Now remove the old certificate.

[root@ngelinux001 kernel]# certutil -D -d /etc/httpd/alias -n Server-Cert

 

3. Add the new certificate.

[root@ngelinux001 kernel]# certutil -A -d /etc/httpd/alias -n Server-Cert -a -i /etc/httpd/CERT/ngelinux001.crt -t "CT,,"

 

4. Check the newly added certificate.

[root@ngelinux001 kernel]# certutil -L -d /etc/httpd/alias -n Server-Cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:00:1d:b4:ec:79:30:9c:74:10:07:7b:65:00:00:00:
1d:b4:ec
Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: "CN=NGEL Enterprise CA,DC=global,DC=NGEL,DC=com"
Validity:
Not Before: Wed May 18 12:51:02 2022
Not After : Fri May 17 12:51:02 2024

 

5. Convert our private key to pkcs12

[root@ngelinux001 kernel]# openssl pkcs12 -export -in /etc/httpd/CERT/ngelinux001.crt -inkey /etc/httpd/CERT/private.key -out /etc/httpd/CERT/ngelinux001.p12
Enter Export Password:
Verifying - Enter Export Password:
[root@ngelinux001 kernel]#

[root@ngelinux001 kernel]# cd /etc/httpd/CERT/
[root@ngelinux001 CERT]# ls -ltr
total 24
-rwxrw-r-- 1 root root 1708 May 18 22:57 private.key
-rw-r--r-- 1 root root 2728 May 18 23:51 ngelinux001.crt
-rw-r--r-- 1 root root 8309 May 19 00:27 CA-NGEL.crt
-rw-r--r-- 1 root root 3573 May 19 00:32 ngelinux001.p12
[root@ngelinux001 CERT]#

 

6. Import the converted key to DB.

[root@ngelinux001 CERT]# pk12util -i /etc/httpd/CERT/ngelinux001.p12 -d /etc/httpd/alias
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL
[root@ngelinux001 CERT]#

 

7. Restart http service

# service httpd restart

Now the certificate is in place and your https site will work after service restart.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments