7

So according to: http://support.godaddy.com/help/article/5238/installing-an-ssl-certificate-in-apache

There is the following line to edit in ssl.cof for Apache 2.x:

SSLCertificateChainFile /path/to/intermediate/bundle/file

Well, I received gd_bundle.crt and my domain's certificate in a zip file. But hey, which one is the intermediate/bundle/file - could it possibly be gd_bundle.crt or is it anyone from their repository:

https://certs.godaddy.com/anonymous/repository.seam

Because I've already filled one line with gd_bundle.crt so my guess it is another file, but which one out of that repository link?

Thank you.

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile /etc/httpd/conf/gd_bundle.crt

This are the four lines to be configured out of which two for sure are ok but the other two I do not know, specially where does gd_bundle.crt go and which certificate is it that I'm missing that didn't come in the zip file and took me all the road up to the repository link in which I don't know on which file to decide to download an apply.

SSLCertificateFile /etc/httpd/conf/subgram.com.crt

SSLCertificateKeyFile /etc/httpd/conf/server.key

SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

SSLCACertificateFile /etc/httpd/conf/gd_bundle.crt
Machavity
  • 30,841
  • 27
  • 92
  • 100
lbennet
  • 1,083
  • 5
  • 14
  • 31

1 Answers1

4

I will answer your question, but I'd like to kindly point you in the direction that will help you get better assistance in the future before I do.

First, there is a reason your question hasn't got much attention. It is asked in a way which is not going to get answers from the gate. 1) This is more of a question for serverfault, since it has to do more with web server administration than programming. 2) you didn't mention apache in the title. 3) You mention a specific company, Godaddy, something like "Installing an SSL certificate in Apache 2.x" would probably be better, and then mention the specifics about how your CA issues a certificate. This is a really common question, and there are probably existing threads which it is clear you didn't read before asking a question. This goes beyond your single problem, but will help you better answer every single question you have in the future a bit better. See http://www.catb.org/esr/faqs/smart-questions.html

This is probably an excellent opportunity to read up on some documentation about how SSL certificates work, and how they are configured in Apache as well.

Because I've already filled one line with gd_bundle.crt so my guess it is another file, but which one out of that repository link?

None of them, that link only contains the Certificate Chain and Root Certificates.

Rather than try to describe what a Certificate Chain file is, IBM has done a much better job than I. This is step #1 in understanding how to solve your problem:

How certificate chains work

When you receive the certificate for another entity, you might need to use a certificate chain to obtain the root CA certificate. The certificate chain, also known as the certification path, is a list of certificates used to authenticate an entity. The chain, or path, begins with the certificate of that entity, and each certificate in the chain is signed by the entity identified by the next certificate in the chain. The chain terminates with a root CA certificate. The root CA certificate is always signed by the CA itself. The signatures of all certificates in the chain must be verified until the root CA certificate is reached.

This means basically, that the Certificate Chain file is what you will need in order for your certificate to be properly verified. A .crt file indicates it contains public, private, and root certificate files in one file, or some combination thereof.

Step #2

A .pem file usually means just one public certificate, this is the file you will use for SSLCertificateFile. Naming this file with .crt is only canonically correct if theres more than one cert in there, which most likely there is not if you are getting a cert from your CA. You mentioned you received some files from Godaddy, one of them is going to be this file.

Step #3

SSLCertificateKeyFile will be a private key file that was provided at some point after / during your certificate was issued. I can't say exactly what Godaddy's process, I can only describe the fundamentals of the process, and each CA is different in how they issue certificates. Don't forget to set the proper permissions on this certificate (in fact I think Apache will fail to start if this file is not set to 600 permissions).

This should give you enough information to go on to get up and running. Anything else that involves navigating Godaddy's SSL issuance process is a question more for Godaddy support than StackOverflow / ServerFault.

Good luck.

Zippy Zeppoli
  • 5,847
  • 4
  • 18
  • 16
  • 1
    He knows this stuff. it's just unclear what file is what in the go daddy SSL. you should have added the go-daddy specifics of what each cert means and how to map it to the apache conf. and this is another example of how an excellent question with a great answer is closed. I'm not arguing it's off topic, but it's a great resource. – Nicholas DiPiazza Aug 16 '13 at 22:37
  • Useful resource indeed, Nicholas. Problem of going too much OT is that StackOverflow risks of becoming next Yahoo Answers. ;-) Server conf details today, best restaurant in the area tomorrow :-P – maraspin Jan 07 '14 at 17:44