How to add certificate file and its key on httpd server database in Linux ?
In this article, we will see an interesting topic how to add certificate file and its key on HTTPD server DB in Linux.
Prerequisite: -Get your new certificate and key before.
Lets see how to check and update the certificate step by step.
1. First check out the old certificate details.
# certutil -L -d /etc/httpd/alias -n Server-Cert
2. Now remove the old certificate.
[root@ngelinux001 kernel]# certutil -D -d /etc/httpd/alias -n Server-Cert
3. Add the new certificate.
[root@ngelinux001 kernel]# certutil -A -d /etc/httpd/alias -n Server-Cert -a -i /etc/httpd/CERT/ngelinux001.crt -t "CT,,"
4. Check the newly added certificate.
[root@ngelinux001 kernel]# certutil -L -d /etc/httpd/alias -n Server-Cert Certificate: Data: Version: 3 (0x2) Serial Number: 69:00:1d:b4:ec:79:30:9c:74:10:07:7b:65:00:00:00: 1d:b4:ec Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: "CN=NGEL Enterprise CA,DC=global,DC=NGEL,DC=com" Validity: Not Before: Wed May 18 12:51:02 2022 Not After : Fri May 17 12:51:02 2024
5. Convert our private key to pkcs12
[root@ngelinux001 kernel]# openssl pkcs12 -export -in /etc/httpd/CERT/ngelinux001.crt -inkey /etc/httpd/CERT/private.key -out /etc/httpd/CERT/ngelinux001.p12 Enter Export Password: Verifying - Enter Export Password: [root@ngelinux001 kernel]# [root@ngelinux001 kernel]# cd /etc/httpd/CERT/ [root@ngelinux001 CERT]# ls -ltr total 24 -rwxrw-r-- 1 root root 1708 May 18 22:57 private.key -rw-r--r-- 1 root root 2728 May 18 23:51 ngelinux001.crt -rw-r--r-- 1 root root 8309 May 19 00:27 CA-NGEL.crt -rw-r--r-- 1 root root 3573 May 19 00:32 ngelinux001.p12 [root@ngelinux001 CERT]#
6. Import the converted key to DB.
[root@ngelinux001 CERT]# pk12util -i /etc/httpd/CERT/ngelinux001.p12 -d /etc/httpd/alias Enter password for PKCS12 file: pk12util: PKCS12 IMPORT SUCCESSFUL [root@ngelinux001 CERT]#
7. Restart http service
# service httpd restart
Now the certificate is in place and your https site will work after service restart.