Koozali.org: home of the SME Server

HOW TO INSTALL A THAWTE CERTIFICATE IN SME SERVER

Offline billmakr

« on: February 12, 2011, 08:11:45 AM »
:D This is my first how-to, so it may be a bit rough. I can say that I have it installed on my customer's SME server and it works great.

INSTALLING A THAWTE CERTIFICATE IN SME SERVER V7.51

I suggest a file manager like Winscp (http://winscp.net/eng/index.php) to make file functions easier. I also suggest putty for your terminal client.

1.   Preparation
·   Start Winscp and create a session with your SME.
·   Use root and your password to log in with Winscp
·   You will see that you are now in the root directory
·   Create a new directory called cacert
2.   Start a terminal session with putty and log in as root
3.   Change to the cacert directory we created above
4.   First you have to know the Fully Qualified Domain Name (FQDN) of the website for which you want to request a certificate. When you want to access your website through https://www.yourdomain-example.com then the FQDN of your website is www.yourdomain-example.com; therefore, your common name will be www.yourdomain-example.com.
5.   Generate the key with the following command:
       openssl genrsa -des3 -out www.yourdomain-example.com.key 2048
     This command will generate a 2048-bit RSA private key and store it in the file www.yourdomain-example.com.key in the current directory, which is cacert.
6.   It will ask you for a pass phrase: use something secure and remember it. Your certificate will be useless without the key. If you don't want to protect your key with a pass phrase (only if you absolutely trust that server machine, and you make sure the permissions are carefully set so only you can read that key) you can leave out the -des3 option above. Generate the CSR with the following command:
       openssl req -new -key www.yourdomain-example.com.key -out www.yourdomain-example.com.csr
     This command will prompt you for the X.509 attributes of your certificate. Remember to give the name www.yourdomain-example.com when prompted for 'Common Name (eg, www.yourdomain-example.com)'. Do not enter your personal name here. We are requesting a certificate for a webserver, so the Common Name has to match the FQDN of your website (a requirement of the browsers).
7.   You will now have an RSA private key in www.yourdomain-example.com.key and a Certificate Signing Request in www.yourdomain-example.com.csr. Both are in the current directory, which is cacert.
8.   Go back to your winscp session and refresh. You will now see the new files we have created.
9.   Choose to edit the www.yourdomain-example.com.csr  and do a copy of the contents to your clipboard.
10.   Go to the Thawte Website and choose the type of certificate you need (a simple ssl123 is good enough for most uses)
11.   Follow their instructions and when you get to the prompt for your csr information, paste the clipboard contents from step nine.
12.   Continue on until finished and Thawte will e-mail your certificate file.
13.   While you are on their site you will need to download a ca bundle file pack from this location: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=AR1372
14.   Look for this heading, Apache, Plesk & Cpanel, and right click and save choice #1. (remember where you saved it)
15.   Change the name of the above file to www.yourdomain-example.com.pem
16.   Use Winscp and copy the above file to the cacert directory. Refresh the view and you should now have three files: 1. www.yourdomain-example.com.pem 2. www.yourdomain-example.com.csr 3. www.yourdomain-example.com.key.
17.   After receiving your certificate file from Thawte you will use Winscp to go to the cacert directory and create a new file called www.yourdomain-example.com.crt
18.   Edit the file and paste the contents from the crt file you received from Thawte and save it. This should now make 4 files in the cacert directory.
19.   Copy the file www.yourdomain-example.com.key  to /home/e-smith/ssl.key directory on the SME server.
20.   Copy the file www.yourdomain-example.com.pem to /home/e-smith/ssl.pem directory on the SME server.
21.   Copy the file www.yourdomain-example.com.crt to /home/e-smith/ssl.crt directory on the SME server.
22.   Enter this command from the command line using putty: config setprop modSSL crt /home/e-smith/ssl.crt/www.yourdomain-example.com.crt
23.   Enter this command from the command line using putty: config setprop modSSL key /home/e-smith/ssl.key/www.yourdomain-example.com.key
24.   Enter this command from the command line using putty: config setprop modSSL CertificateChainFile /home/e-smith/ssl.pem/www.yourdomain-example.com.pem
25.   Enter this command from the command line using putty: signal-event post-upgrade
26.   Enter this command from the command line using putty: signal-event reboot
27.   This step may not be necessary but it worked for me. After rebooting log in and choose the reconfigure option and let it reboot one more time.

Hope this helps others. Please post back if anyone has further questions.
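
Added example, not part of the original post: a pre-flight check over the key, certificate and CA bundle from steps 19-21, meant to be run before the config setprop commands in steps 22-24. The function names are illustrative, and it assumes the bundle reaches a root certificate (in the bundle itself or in the system trust store).

```shell
#!/bin/sh
# Usage (paths as in steps 19-21):
#   sh preflight.sh <key file> <crt file> <CA bundle .pem>

# The RSA modulus of the private key must equal the one in the certificate.
key_matches_cert() {   # $1 = private key, $2 = certificate
    k=$(openssl rsa -in "$1" -noout -modulus) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the key is pass-phrase protected (created with -des3 in step 5).
# httpd then needs the pass phrase supplied every time it starts.
key_is_encrypted() {   # $1 = private key
    grep -q 'ENCRYPTED' "$1"
}

# True when neither group nor others have any access to the key file.
key_is_private() {     # $1 = private key
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# The certificate must verify against the downloaded CA bundle.
# Output is matched instead of the exit code, which old releases do not set.
chain_verifies() {     # $1 = CA bundle, $2 = certificate
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

preflight() {          # $1 = key, $2 = certificate, $3 = CA bundle
    rc=0
    if key_is_encrypted "$1"; then
        echo "NOTE: key is pass-phrase protected"
    fi
    key_is_private "$1" || { echo "FAIL: key accessible to group/others"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    chain_verifies "$3" "$2" || { echo "FAIL: certificate does not verify against bundle"; rc=1; }
    if [ "$rc" -eq 0 ]; then
        echo "OK: key, certificate and bundle are consistent"
    fi
    return "$rc"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

If the key is pass-phrase protected, openssl asks for the pass phrase during the match check.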

Offline kittng

Re: HOW TO INSTALL A THAWTE CERTIFICATE IN SME SERVER
« Reply #1 on: April 19, 2011, 02:45:50 PM »
Dear billmakr,

I followed your steps but httpd failed to start thereafter. Is there any way to rectify this?

Thank you