...
Make sure you have the custom certificate and key files provided in
.pem
format. If the key file is encrypted, make sure to also have the key passphrase in a.txt
file.
Use the following file names:Code Block custom_cer.pem custom_key.pem custom_key_passphrase.txt (optional)
In a Cell Environment, perform all the steps on the cell manager only.
Log in to DPOD's server using SSH.
Copy the custom certificate file, the custom key file and optionally the custom key passphrase file to
/etc/httpd/conf/certs
.Generate a new Diffie-Hellman (DH) Group for a more secured TLS session and append the new DH group parameters file to the custom certificate:
Code Block language bash openssl dhparam -out /etc/httpd/conf/certs/custom_dhparams.pem 2048
Append the new DH group parameters file to the new certificate:
Code Block language bash cat /etc/httpd/conf/certs/custom_dhparams.pem >> /etc/httpd/conf/certs/custom_cer.pem
See an example of the concatenated certificate file below:
Code Block -----BEGIN CERTIFICATE----- MIIDDzCCAfegAwIBAgIJAIjhDQNZ4I2xMA0GCSqGSIb3DQEBCwUAMB4xHDAaBgNV BAMME09wZXJhdGlvbnNEYXNoYm9hcmQwHhcNMjEwMjIyMTE1ODQ1WhcNMzEwMjIw ... S8kVtQThGaGbexvDlbE6vDmFtwPi5KTroU/T+0vHJ9lwTV1YvWduQ5EsQNlnDcSS GZYv2emdIk3/WcuMV0mqkXjhsw== -----END CERTIFICATE----- -----BEGIN DH PARAMETERS----- MIIBCAKCAQEA+SfHDxWo0BRXc/BxfJHZVkHtk16RmBHHiKv5HDOuhl1raZIEbJ2H 8e5Q0GVCxe30F7Cr66Wfx4jaHVQqkZ+YxuWLqDlHWUYeGPwXXdMXQtuQpPmfSbaT ... NhJHSMvkQrEiX7RHZVZVZ8ovwC9IzID5m2UgmDQ8/TgiBA9WyngswBFSglNvP9dK pb23nP4rDQ7sL307eponbeL/BsNUE4BeqwIBAg== -----END DH PARAMETERS-----
Execute the following commands:
Code Block language bash sed -i 's#^SSLCertificateFile .*#SSLCertificateFile "/etc/httpd/conf/certs/custom_cer.pem"#g' /etc/httpd/conf/httpd.conf sed -i 's#^SSLCertificateKeyFile .*#SSLCertificateKeyFile "/etc/httpd/conf/certs/custom_key.pem"#g' /etc/httpd/conf/httpd.conf
If the key file is encrypted, create a script named
custom_key_passphrase.sh
:Code Block vi /etc/httpd/conf/certs/custom_key_passphrase.sh
with the following content:
Code Block #!/bin/sh cat /etc/httpd/conf/certs/custom_key_passphrase.txt
and execute the following commands:
Code Block chmod +x /etc/httpd/conf/certs/custom_key_passphrase.sh sed -i "/^SSLPassPhraseDialog /d" /etc/httpd/conf/httpd.conf sed -i '/^SSLCertificateKeyFile /a SSLPassPhraseDialog exec:/etc/httpd/conf/certs/custom_key_passphrase.sh' /etc/httpd/conf/httpd.conf
Run a syntax check on the
httpd
configuration file to make sure the configuration is valid:Code Block language bash apachectl -t
Valid output:
Code Block language bash Syntax OK
Invalid output:
Code Block AH00526: Syntax error on line 541 of /etc/httpd/conf/httpd.conf: SSLCertificateFile: file '/etc/httpd/conf/certs/custom_cer.pem' does not exist or is empty
Restart the web server:
Code Block language bash service httpd restart
...