Opensuse 15 Leap, SSL and Apache

Hi

I’m a former Microsoft user, going to Linux.

I have a problem with installing SSL.
I have purchased a new certificate from my internet provider, and received four *.CRT files back.

None of my so-called google-searches have helped me with where to place the files to make Apache work with SSL.

Basically
Need help with where to place the CRT-files and which *.CONF files I need to change to make it work.
I have tried using Yast-http, but that doesn’t work either.
My Opensuse leap 15 is all clean, straight from the box, with all updates installed.

Please guide me in the right direction. :slight_smile:

Regards,
Roald (Norway)

Hi,

I’ve used the ‘free and open’ path here:

  • Setup the apache (v)host
    Test this by going to http://localhost, it should show “It Works !!”
  • Install and run letsencrypt to generate the certs
  • Setup the apache vhost for port 443
    Test this by going to https://DOMAIN_NAME_HERE

I don’t know what you mean by getting the *.CRT files back,
If you’ve ever set up a Microsoft IIS Server with SSL, you should be familiar with the basic process of how to go about installing a certificate… There is a universal process by which you need to generate a request on your web server which is then submitted to the CA, then using the information you submitted a certificate is created specifically for your web server which is sent back to you for installation.

In other words, you can’t just get certificates from your CA…
Perhaps you left some steps out?

In any case,
How and where you install your certificates depends in part on how you’ve set up your Apache,

Have a read of the openSUSE community documentation at the following link, starting with section 24.6.1.3.
If you’re still unable to find the info you need, post again but with the following additional info

  • How your websites are configured, as a single default website, or virtual hosts and if virtual hosts by IP address or host headers
  • If you’re using the YaST module to set up your apache
  • If you have more network interfaces on your system than one associated with your physical network device and lo (If you don’t know post your “ip addr”)

TSU

I am a little unsure now, because you guys are the experts…

Maybe I explained a little wrong… Or am I stupid? :slight_smile:

I have a clean installation of Opensuse Leap 15, with all updates installed.
From my domain provider I got (by paying of course… :slight_smile:) an SSL certificate.
Ports 80 and 443 are open.
I want to go from http to https on web site…

Question…
Do I need to generate local certificates? (I have a crt from my provider)

I think I have followed every “walk-through” but it still does not work.
It is a single site. Trying to keep it simple for now.

PS… I was not an expert in setting up MS security… :slight_smile:

If you go to the openSUSE community documentation link I gave you,
The section I pointed you to was specifically for installing an SSL cert provided by a CA.
You can read the section immediately preceding that section which explains that you can install different kinds of certificates, besides a certificate provided by a CA you can also install a self-generated certificate… But that will have its own drawbacks.

You cannot simply ask for a certificate from a Provider for a website, you have to generate a request as I described.
If you simply asked for a certificate and someone sent a cert back to you without your generating and submitting a proper request, you won’t have a certificate appropriate for a website, maybe a certificate intended to be used for some other purpose.

Even the Letsencrypt that Knurpht suggests works the same way but instead of generating your request the usual way specific to the web server software you’re running, Letsencrypt provides you with an app that acts as an agent to generate the request for you.

A request is not the same as a certificate.
An alternative to generating a request you send to a CA Provider is that you can self-generate a certificate, in this case you do create a certificate which you then install into your web server supporting your web site. But, it won’t likely be automatically trusted by client web browsers, you have to tell the web browser to trust the self-signed certificate.

The concepts behind certificate based security and its infrastructure are not difficult but is longer than what I’d want to put in a Forum post, there are probably some articles on the Internet that can clear up what I’ve described if what I described isn’t clear…

TSU
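Added example, not part of any post in this thread: the request workflow described above (the key and the CSR are created on the server, and the CA's reply is a certificate for that key), plus a check that a returned certificate really belongs to your private key. It goes a step further and picks the matching file out of a directory of several .crt files; the file names, directory layout and host name are constructed placeholders.

```shell
#!/bin/sh
# Added example: CSR creation and a key/certificate match check with openssl.
# server.key / server.csr and the host name are constructed placeholders.

# Create a private key and a certificate signing request for host $2 in dir $1.
make_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/server.key" -out "$1/server.csr" \
        -subj "/CN=$2" 2>/dev/null || return 1
    chmod 600 "$1/server.key"   # the key stays on the server; only the CSR is sent
}

# Print the PEM public key contained in a private key, CSR or certificate.
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# SHA-256 fingerprint of that public key; fails if the file is not of type $1.
pubkey_fp() {
    pub=$(pubkey_of "$1" "$2") || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# Succeeds only if certificate $1 was issued for private key $2.
cert_matches_key() {
    c=$(pubkey_fp cert "$1") || return 1
    k=$(pubkey_fp key "$2") || return 1
    [ "$c" = "$k" ]
}

# Print the .crt file in directory $1 that belongs to private key $2.
# The other .crt files from a CA are normally intermediate/root certificates.
find_cert_for_key() {
    for f in "$1"/*.crt; do
        if cert_matches_key "$f" "$2"; then echo "$f"; return 0; fi
    done
    return 1
}
```

If `find_cert_for_key` finds nothing for any key on the server, the certificate was issued for a key generated elsewhere, and Apache cannot serve it without that key.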

Are you just wanting to be SSL certified, just because or because there will be user data going back and forth from your website(s) such as mailing forms etc or will there be customers using cards online to purchase stuff?

If you’re going down the just because route because it’s the thing to do now and you have web forms but you’re not asking for card details then I would just install certbot and use Let’sEncrypt. The certificates are free and install for you during the process of getting SSL certified.

When buying certificates I don’t think you can just “Put them Somewhere” just like that. They require configuring too within Apache’s configuration.

As I understand it Apache needs to know where they are, and know that they are genuine.

Please note this bit from one of my vhosts in the apache configs:


    SSLEngine on
    # Path to the LetsEncrypt created certificate fullchain.pem
    SSLCertificateFile /etc/letsencrypt/live/www.knurpht.nl/fullchain.pem
    # Path to the LetsEncrypt created private key privkey.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.knurpht.nl/privkey.pem

Hi.
Sorry for late response, had to do overtime at work for a couple of days…

In my Opensuse Leap 15 there is no letsencrypt.
I can install it in Hiawatha, but I’m using the all basic installation of Opensuse.

I use Yast2 and Zypper to install/search for packages.

We don’t package letsencrypt in the distro ( yet ). But, since you have a .crt : Put it in /etc/apache2/ssl.crt/ ( there’s a README file in there, which says so ).

I thought I posted a link to the openSUSE community documentation for setting up your Apache with SSL…
I don’t see that I did that, so here it is…

https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.apache2.html#sec.apache2.ssl

Although it doesn’t describe specifically where to place your certs for a CA issued certificate, read the other sections for the dummy and self-signed certificates for suggested locations. But, keep in mind that if you’ve configured multiple virtual websites, you’ll have to adjust.

TSU

Link for 15.1 Apache Info - the 15.0 no longer works

https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha-apache2.html#sec-apache2-ssl