1

Environment: Linux 4.4.0-77-generic, Ubuntu 16.04.2 LTS with Apache 2 (Apache/2.4.18 (Ubuntu))

Here is the situation: I had an SSL certificate for domains without www in them. Basically I thought www.domain-name.com and domain-name.com were considered as 1 domain, and the SSL certificate would work for both URLs, but I learned that it only works with domain-name.com (so without www in the URL).

I bought 3 extra domains (basically the same ones, but this time with 'www' in the domains' URLs).

What happened is that Comodo sent me a zip file containing this time not 2 files, but 4 files. I would like to know which is the correct way to specify these new files within the VirtualHost configuration file (apache2, Ubuntu 16.04)?

I spent many hours trying to make the SSL certificate work yesterday and this morning, and it did in the end... but only for non-www URLs. So I'm probably nearly there... Just need to secure the www domains as well.

Here is a quick graphic showing the problem and question I have. This is the first time I'm doing this so it can get confusing, especially after many hours spent on this case already :)

quick description of my question

mlclm

1 Answer

1

You don't specify which Linux distribution you are attempting this under, or which Apache version you are using.

For older Apache versions (<2.4.8), concatenate (e.g. with cat) all the *CA.crt files together into chain.crt and put the filename in SSLCertificateChainFile.

See the Apache docs for details.

On newer Apache versions, this directive is deprecated though, and all intermediate CA files plus the server certificate should be concatenated and used in SSLCertificateFile.

Find the details in another answer here: Apache's deprecated SSLCertificateChainFile directive (AH02559)

fuero
  • This is what uname -a outputs: Linux server01 4.4.0-77-generic #98-Ubuntu SMP Wed Apr 26 08:34:02 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux. As for Ubuntu: Ubuntu 16.04.2 LTS. As for Apache, it is: Apache 2.0 – mlclm Feb 03 '18 at 09:43
  • My Apache version is: Apache/2.4.18. So I do need to concat the files, is that correct, and use SSLCertificateChainFile? – mlclm Feb 03 '18 at 10:52
  • Yes, but newer Apache versions will not support that. The directive is marked as deprecated. You can verify that it works with `openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect :443 -servername `, [`testssl.sh`](https://testssl.sh/) or the SSLLabs online scanner. – fuero Feb 03 '18 at 10:58
  • The Comodo help service actually told me that the 4 files are for an IIS server. When I said I had Apache2 he sent me a bundle and crt file again (just 2 files, like previously). So this should work now. Thanks for your help! – mlclm Feb 03 '18 at 11:34
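
The concatenation the answer describes for newer Apache versions (server certificate plus intermediates in one file for SSLCertificateFile), as an added example that is not part of the original answer or comments. It goes a little further than the answer by also checking offline that the chain verifies and that the certificate covers both the bare and the www name. The throwaway root, intermediate and leaf certificates, the file names and `example.com` are all constructed for the demo.

```shell
#!/bin/sh
# Added example; every name, key and certificate here is constructed for the demo.

# build_fullchain OUT LEAF INTERMEDIATE...  (file for SSLCertificateFile, Apache >= 2.4.8)
# Server certificate first, then intermediates. CRs are stripped and a missing final
# newline is added so an END marker and the next BEGIN marker never share a line.
build_fullchain() {
    bf_out=$1; shift
    : > "$bf_out"
    for bf_in in "$@"; do
        tr -d '\r' < "$bf_in" >> "$bf_out" || return 1
        [ -z "$(tail -c 1 "$bf_in")" ] || echo >> "$bf_out"
    done
}

count_certs() { grep -c '^-----BEGIN CERTIFICATE-----$' "$1"; }

# chain_ok ROOT FILE: the first certificate in FILE verifies up to ROOT using only
# the certificates in FILE as intermediates (what a client gets from the server).
chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>/dev/null | grep -q 'OK$'
}

# covers_name FILE HOST: does the first certificate in FILE match HOST?
covers_name() { openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; }

# issue DIR NAME SIGNER EXTFILE: throwaway key + certificate; SIGNER = NAME self-signs.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    if [ "$2" = "$3" ]; then
        openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 2 \
            -extfile "$4" -out "$1/$2.crt" 2>/dev/null
    else
        openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.crt" -CAkey "$1/$3.key" \
            -CAcreateserial -days 2 -extfile "$4" -out "$1/$2.crt" 2>/dev/null
    fi
}

work=$(mktemp -d)
printf 'basicConstraints=critical,CA:TRUE\n' > "$work/ca.ext"
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:example.com,DNS:www.example.com\n' > "$work/leaf.ext"
issue "$work" root root "$work/ca.ext" &&
issue "$work" intermediate root "$work/ca.ext" &&
issue "$work" leaf intermediate "$work/leaf.ext" &&
build_fullchain "$work/fullchain.pem" "$work/leaf.crt" "$work/intermediate.crt" &&
chain_ok "$work/root.crt" "$work/fullchain.pem" && echo "fullchain.pem verifies"
```

Running `chain_ok` on the leaf certificate alone fails, which is the "works in some clients, not in others" symptom of a server that does not send its intermediates.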