Anchor - Configuring a Single Domain SSL Certificate or a Wildcard Certificate
Posted by Rick Klemetson, Last modified by Tami Sutcliffe on Feb 16, 2017 01:29 PM
This article contains two sections: an Apache Server section, and an Anchor Server section. You must configure Apache with an SSL certificate in order to allow mobile devices to connect. You must also configure an SSL certificate for your Anchor application server to support desktop client connections and WebDAV.
Section 1: Apache Server
In order for mobile devices to log in, a valid CA signed SSL certificate must be installed for Apache. Self-signed certificates are not supported.
When you create a new SSL certificate or wildcard certificate, you generate a .key file (private key), as well as a .csr file (certificate signing request file), using your OpenSSL application. You then submit the .csr file to the SSL Certificate Authority of your choice (for example, GoDaddy, Thawte, Verisign, and so forth) in order to receive the appropriate .crt (certificate file)and bundle .crt files, which are then installed on your Apache web server.
This section will review the following steps in detail:
Use the OpenSSL application to generate a .key file
Use the OpenSSL application to generate a .csr file
Purchase a certificate from an SSL Certificate Authority using the newly generated .csr file
Update the SSLCertificateChainFile path in the http.conf file
Note: This section outlines the full process for purchasing a new SSL certificate and configuring it for use. If you already have an existing SSL certificate, please copy your existing .key file, .crt file, and bundled .crt file into the C:\Apache24\conf\ssl\ directory, then skip to the Updating the SSLCertificateChainFile Path section below.
To generate a .key file using the OpenSSL application:
From the Start menu, enter cmd into the search box and press the Enter key. A new Command Prompt window displays.
In the Command Prompt window, navigate to the Apache bin directory using the cd command, and press the Enter key: cd C:\Apache24\bin\
Enter the following command to set the environment variable: set OPENSSL_CONF=C:\apache24\conf\openssl.cnf
While still in the Command Prompt window, launch the openssl application using the openssl command: openssl
Within the OpenSSL application, generate a .key file using the genrsa command: genrsa –out yourdomainname.key 2048 For example: genrsa -out yourdomainname.key 2048
Generate a .csr File
To generate a .csr file using the OpenSSL application:
While still in the OpenSSL application, generate a .csr file using the following command: req -new –key yourdomainname.key –outyourdomainname.csr-config "C:\Apache24\conf\openssl.cnf" For example: OpenSSL> req -new -key yourdomainname.key -out yourdomainname.csr -config "C:\Apache24\conf\openssl.cnf"
You will be prompted to enter information into the Command Prompt window:
When prompted to enter a Country Name, enter your country’s two letter code (for example, US).
When prompted to enter a State or Providence Name, enter the full name of your state or providence (for example, California).
When prompted to enter a Locality Name, enter the full name of your city (for example, San Francisco).
When prompted to enter an Organization Name, enter the name of your organization.
When prompted to enter an Organizational Unit Name, enter your organizational unit, or leave this field blank.
When prompted to enter a Common Name, enter your server FQDN (for example, hostname.yourdomainname.com, or *.yourdomainname.com for a wildcard certificate).
IMPORTANT: You must include a * symbol in front of your yourdomainname.com if you are registering a wildcard certificate.
When prompted to enter your email address, enter a valid email address.
IMPORTANT: Make sure you have access to the email account that you provide. Depending upon the SSL Certificate Authority you select, you might need to validate ownership of your domain.
When prompted to enter extra attributes (a challenging password and an optional company name), leave these fields blank.
Purchase a New Certificate
To Purchase a certificate from an SSL Certificate Authority:
Purchase a certificate from an SSL Certificate Authority of your choice using your newly generated .csr file. For example, you may wish to purchase from GoDaddy, Thawte, Verisign, and so forth.
Each of these Certificate Authorities will require a specific set of steps for submitting the content of your newly generated .csr file. Follow the specific set of instructions provided by your selected Certificate Authority.
IMPORTANT: Depending upon the SSL Certificate Authority you selected, you might need to validate ownership of your domain.
When prompted to submit your .csr file, you can access the file in the Apache directory (for example, C:\Apache24\bin\ssl\_.yourdomainname.com.csr). Your SSL Certificate Authority will provide you with two files: a .crt file and a bundle.crt file. Make sure that you specify Apache server type when you download the files.
After your SSL Certificate Authority provides you with the .crt file and the bundle.crt file, move the files into the C:\Apache24\conf\ssl\ directory. Specifically:
Move the .crt file into Apache’s ssl directory (for example, C:\Apache24\conf\ssl\).
Move the bundle.crt file into Apache’s ssl directory (for example, C:\Apache24\conf\ssl\).
Move the .key file from Apache’s bin directory to Apache’s ssl directory (for example, from C:\Apache24\bin to C:\Apache24\conf\ssl\).
To update the SSLCertificateChainFile path in the http.conf file:
Navigate to Apache’s conf directory (for example, C:\Apache24\conf\) and open the httpd.conf file.
For single certificates, in the VirtualHost section, update the following lines: