Red Hat Linux 7.0: The Official Red Hat Linux Reference Guide
PrevChapter 11. Obtaining a Certificate for your Secure ServerNext

Testing Your Certificate

When the secure server is installed by the Red Hat Linux installation program, a random key and a generic certificate are installed, for testing purposes. You can connect to your secure server using this certificate. For any purposes other than testing, however, you need to get a certificate from a CA or generate a self-signed certificate. See the section called Types of Certificates if you need more information on the different types of certificates available.

If you've followed the instructions provided in this guide to either purchase a certificate from a CA or generate a self-signed certificate, you should have a file named /etc/httpd/conf/ssl.key/server.key, containing your key, and a file named /etc/httpd/conf/ssl.crt/server.crt, containing your test certificate. If your key and certificate are somewhere else, move them to these directories. If you changed any of the default locations or filenames for the Red Hat Linux Secure Web Server in your Apache configuration files, you should put these two files in the appropriate directory, based on your modifications.

Now stop and start your server as described in the section called Starting and Stopping Apache. If your key file is encrypted, you will be asked for the password. Type in your password and your server should start.

Point your Web browser to your server's home page. The URL to access your Red Hat Linux Secure Web Server will look like this: 

https://your_domain

NotePlease Note
 

Note the "s" after "http." The https: prefix is used for secure HTTP transactions. If the connection is made, you should see a dialog box indicating that your browser must be configured to accept the test certificate.

If you're using a CA-signed certificate from a well-known CA, your browser will probably automatically accept the certificate (without prompting you) and create the secure connection. Your browser will not automatically recognize a test or a self-signed certificate, because the certificate is not signed by a CA. If you're not using a certificate from a CA, follow the instructions provided by your browser to accept the certificate. You can just accept the defaults by clicking Next until the dialogs are finished.

Once your browser accepts the certificate, your Red Hat Linux Secure Web Server will show you a default home page as shown in Figure 11-6.

Figure 11-6. The Default Home Page

PrevHomeNext
Creating a Self-Signed CertificateUpStarting and Stopping Apache