How to install a SSL certificate

Hi,
I’d install a SSL certificate on my SLES 11 SP4. Could you please suggest the best practise to do that?

Regards,
Rosario

What do you mean by “instal it”? I presume you want to use it with some
service, but then that means you need to place it somewhere for that
particular service, and probably configure it for that service too.
Knowing those details will help.

It is probably also worthwhile to note that there are various ways to use
SSL; is this a server, meaning it will have a private key, or is this a
client meaning you just need to install CA certificates so they are
trusted by whatever application? If this is a server, ideally you
generate the private key, and then the Certificate Signing Request (CSR)
all on this machine and then import the certificate once you get it back
from the third-party CA; a private key should not usually be generated
somewhere else because that means it is somewhere else, probably on an
insecure workstation (not private).


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

Hi,
my host is a client and I need to install the CA certificate in order to allow HTTPS session towards a specific server. How can I install it?

Regards,
Rosario

Great details; thank-you for providing them.

I believe the right way to do this is to put the PEM (b64) files into the
/etc/ssl/certs directory and then run c_rehash against that directory:

cp /path/to/your/ca.pem /etc/ssl/certs
c_rehash /etc/ssl/certs

If your certificate has multiple certificates in its chain, as is likely,
you may want to do that for a PEM file for EACH certificate in the chain
up until the actual SSL certificate itself which should not be included.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

Thanks a lot, it works. Even though I should be careful during the operation of copying the file because if I omit the .pem extension, the CA certificate will not be parsed. So, for anyone will use this command, remember to add the pem extension to your CA file if not present yet.

Best regards

As a “heads up” and to the casual future reader:

Copying to /etc/ssl/certs is a no-go for SLES12+ systems, these files will get deleted under certain conditions. Put your CA .pem files into /etc/pki/trust/anchors and run the command “update-ca-certificates”.

For SLES11 (which this thread is about), ab’s instructions are perfectly valid.

Regards,
J