I just bought some SSL certs from a CA and I'm having problems getting them to work with the default SSL site deployed with apache2 (Debian 10).

Strangely, I never made a certificate request. I just had to prove I was the owner of the site, then the certificate was downloaded in a *.zip with these files (and the first line of each file):

ca_bundle.crt                -----BEGIN CERTIFICATE-----
certificate.crt              -----BEGIN CERTIFICATE-----
private.key                  -----BEGIN RSA PRIVATE KEY-----

I deployed those to /etc/ssl/.../ or /etc/apache2/ssl.crt/ and referred to them in the config file. My /etc/apache2/sites-enabled/default-ssl.conf looks like this (I removed most comments):

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@example.com
                ServerName example.com
                ServerAlias www.example.com
                DocumentRoot /var/www/html
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on
                SSLCertificateFile    /etc/ssl/certs/certificate.crt
                SSLCertificateKeyFile /etc/ssl/private/private.key
                #SSLCertificateChainFile /etc/apache2/ssl.crt/ca_bundle.crt
                SSLCACertificatePath /etc/ssl/certs/
                SSLCACertificateFile /etc/apache2/ssl.crt/ca_bundle.crt

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
        </VirtualHost>

</IfModule>

After running systemctl restart apache2, loading the https:// version of the site gives me the familiar "Warning: potential security risk ahead" as if it were a self-signed cert.

I think I don't understand which options do what.

Since this is such a basic question, I thought I'd find some good explanations on Stack Exchange, but it appears I'm not alone in understanding this. It also appears that there isn't really a good answer out there yet.

Stewart
  • 371
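An added example, not part of the original question: checks with the `openssl` CLI that separate three common causes of a browser certificate warning (key and certificate do not match, the certificate does not chain through the bundle, the hostname is not covered). The function names are hypothetical, the file names follow the question, and `make_demo_pki` builds constructed throwaway test data.

```shell
#!/bin/sh
# Added example: checks for the certificate.crt / private.key / ca_bundle.crt trio.
# served_chain needs network access to the server; everything else runs offline.

# Succeeds when KEY is the private key that CERT was issued for.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds when CERT chains to a trusted root through the intermediates in BUNDLE.
# ROOT is optional; without it openssl falls back to the system trust store.
chain_verifies() {  # usage: chain_verifies CERT BUNDLE [ROOT]
    openssl verify ${3:+-CAfile "$3"} -untrusted "$2" "$1" >/dev/null 2>&1
}

# Succeeds when CERT is valid for HOST (subjectAltName / CN match).
cert_covers_host() {  # usage: cert_covers_host CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Prints subject and issuer of every certificate the running server sends.
served_chain() {  # usage: served_chain HOST
    openssl s_client -connect "$1:443" -servername "$1" -showcerts </dev/null 2>/dev/null |
        grep -E '^ *[0-9]+ s:|^ +i:'
}

# Constructed test data: throwaway root -> intermediate -> leaf PKI written into DIR.
make_demo_pki() (  # usage: make_demo_pki DIR  (subshell body, so cd does not leak)
    cd "$1" || exit 1
    echo 'basicConstraints=critical,CA:TRUE' > ca.ext
    echo 'subjectAltName=DNS:example.com,DNS:www.example.com' > leaf.ext
    for n in root int private; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$n.key" -out "$n.csr" || exit 1
    done
    openssl x509 -req -in root.csr -signkey root.key -days 2 -extfile ca.ext -out root.crt &&
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -days 2 -extfile ca.ext -out ca_bundle.crt &&
    openssl x509 -req -in private.csr -CA ca_bundle.crt -CAkey int.key -CAcreateserial \
        -days 2 -extfile leaf.ext -out certificate.crt
) >/dev/null 2>&1
```

Against real files, call `chain_verifies` with only the certificate and bundle so the system trust store decides, then compare the result with what `served_chain example.com` reports the server is sending.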

0 Answers