Using Pre-Existing Keys And Certificates; Types Of Certificates - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual
Hide thumbs
Also See for ENTERPRISE LINUX 5 - DEPLOYMENT:
- Manual (402 pages) ,
- Configuration (86 pages) ,
- Overview (68 pages)
Table of Contents
Advertisement
Chapter 22. Apache HTTP Server
22.8.3. Using Pre-Existing Keys and Certificates
If you already have an existing key and certificate (for example, if you are installing the secure server
to replace another company's secure server product), you can probably use your existing key and
certificate with the secure server. The following two situations provide instances where you are not
able to use your existing key and certificate:
• If you are changing your IP address or domain name — Certificates are issued for a particular IP
address and domain name pair. You must get a new certificate if you are changing your IP address
or domain name.
• If you have a certificate from VeriSign and you are changing your server software — VeriSign is
a widely used CA. If you already have a VeriSign certificate for another purpose, you may have
been considering using your existing VeriSign certificate with your new secure server. However, you
are not be allowed to because VeriSign issues certificates for one specific server software and IP
address/domain name combination.
If you change either of those parameters (for example, if you previously used a different secure
server product), the VeriSign certificate you obtained to use with the previous configuration will not
work with the new configuration. You must obtain a new certificate.
If you have an existing key and certificate that you can use, you do not have to generate a new key
and obtain a new certificate. However, you may need to move and rename the files which contain your
key and certificate.
Move your existing key file to:
/etc/pki/tls/private/server.key
Move your existing certificate file to:
/etc/pki/tls/certs/server.crt
If you are upgrading from the Red Hat Secure Web Server, your old key (httpsd.key) and certificate
(httpsd.crt) are located in /etc/httpd/conf/. Move and rename your key and certificate so that
the secure server can use them. Use the following two commands to move and rename your key and
certificate files:
mv /etc/httpd/conf/httpsd.key /etc/pki/tls/private/server.key mv /etc/httpd/conf/httpsd.crt /
etc/pki/tls/certs/server.crt
Then, start your secure server with the command:
/sbin/service httpd start
22.8.4. Types of Certificates
If you installed your secure server from the RPM package provided by Red Hat, a randomly generated
private key and a test certificate are generated and put into the appropriate directories. Before you
350
Advertisement
Table of Contents
Need help?
Do you have a question about the ENTERPRISE LINUX 5 - DEPLOYMENT and is the answer not in the manual?
Questions and answers