Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Change default apache server.crt

Discussion in 'Security' started by bloatedstoat, Jan 22, 2017.

Tags:
  1. bloatedstoat

    bloatedstoat Well-Known Member

    Joined:
    Jun 14, 2012
    Messages:
    100
    Likes Received:
    8
    Trophy Points:
    18
    Location:
    Victoria, Australia
    cPanel Access Level:
    Root Administrator
    I purchased an SSL certificate that matches the server name.

    The below command however, results in the default SSL certificate installed by our server supplier showing up:

    Code:
    openssl x509 -in /etc/apache2/conf.d/ssl.crt/server.crt -noout -subject
    subject= /emailAddress=ssl@ded.serversupplier.com.au/CN=ded.serversupplier.com.au
    How can I change it so that our own SSL certificate is used?

    Secondly, within SSL storage manager under User Account SSL Resources there is the following line:

    The SSL resources below are available to your account

    Here are a whole slew of certificates, mostly from the server supplier when the server was provisioned and in the mix there appears our own certificate. Is it safe to delete the server supplier ones leaving the one I bought and would it affect the system adversely if they were deleted?

    Thank you!
     
  2. Eminds

    Eminds Well-Known Member

    Joined:
    Nov 10, 2016
    Messages:
    211
    Likes Received:
    12
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    What type of SSL you have purchased ? is it wildcard SSL or a multi domain SSL

    and have you installed this SSL on server hostname ?
     
  3. bloatedstoat

    bloatedstoat Well-Known Member

    Joined:
    Jun 14, 2012
    Messages:
    100
    Likes Received:
    8
    Trophy Points:
    18
    Location:
    Victoria, Australia
    cPanel Access Level:
    Root Administrator
    It is not a wildcard cert, the certificate is solely for name.domain.com.au which is the server's hostname.
    I have installed it as the service certificate for exim, cpanel, whm, ftp etc; from within Service Configuration > Manage Service SSL Certificates.

    How do I update Apache so that the name.domain.com.au certificate replaces the one currently found at /etc/apache2/conf.d/ssl.crt/server.crt?

    Thanks.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,419
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You should be able to install the certificate for the server's hostname via:

    "WHM Home » SSL/TLS » Install an SSL Certificate on a Domain"

    Could you let us know of any specific error messages you encounter when using this option?

    Thank you.
     
  5. bloatedstoat

    bloatedstoat Well-Known Member

    Joined:
    Jun 14, 2012
    Messages:
    100
    Likes Received:
    8
    Trophy Points:
    18
    Location:
    Victoria, Australia
    cPanel Access Level:
    Root Administrator
    Thanks Michael, I attempted the update and received the following:

    Just to clarify, this is to replace the certificate in /etc/apache2/conf.d/ssl.crt/server.crt which is outputting:

    Code:
    openssl x509 -in /etc/apache2/conf.d/ssl.crt/server.crt -noout -subject
    subject= /emailAddress=ssl@ded.serversupplier.com.au/CN=ded.serversupplier.com.au
    I'd like the output to be hostname.domainname.com.au.

    Thanks.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,419
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can manually populate the /etc/apache2/conf.d/ssl.crt/server.crt and /etc/apache2/conf.d/ssl.key/server.key files with CRT and KEY of your new certificate.

    Thank you.
     
Loading...

Share This Page