0

I successfully created a CSR and downloaded the Apache SSL Certificates from Go Daddy. I received "257c0515593b569.crt" & "gd_bundle-g2-g1.crt". I've rigorously searched and tried finding a solution to installing the new SSL Certificates, however no luck as https still displays the warning message.

Both GD certificates are now at "bitnami/apache2/conf/" where the self-made server.csr, server.key & cert.csr. I tried copy&pasting the GD onto these, apache would not restart successfully. I tried the below:

conf/bitnami/Bitnami.conf SSLCertificateFile "/opt/bitnami/apache2/conf/257c0515593b569.crt" SSLCertificateKeyFile "/opt/bitnami/apache2/conf/gd_bundle-g2-g1.crt"

And again no successful restart.

How am I to remove the old and successfully replace it with you new? Any help please...

---EDIT--- VH default settings as found in httpd-ssl.conf file

<VirtualHost _default_:443>
SSLEngine on

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"

SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"

SSLCACertificatePath "/opt/bitnami/apache2/conf/ssl.crt"
SSLCACertificateFile "/opt/bitnami/apache2/conf/ssl.crt/ca-bundle.crt"
Satain
  • 1
  • 2

2 Answers2

0

It looks like you have it misconfigured.

See https://stackoverflow.com/questions/4814851/why-is-sslcertificatekeyfile-needed-for-apache

You should put the private key in a file that is listed out by SSLCertificateKeyFile. server.key is the private key, don't overwrite it.

jouell
  • 601
  • 1
  • 5
  • 20
  • I've had a read and look around, even tried relating to this article: https://www.digicert.com/csr-ssl-installation/apache-openssl.htm however no luck as when i restart apache and try "https://www.domain..." Im still getting the 'NET::ERR_CERT_AUTHORITY_INVALID' unsecure page, http still working as normal. I've edited to show my if its of any clarify – Satain Apr 09 '18 at 19:39
  • SSLCACertificateFile is for client auth via SSL. You don't mention you're doing that. I'd remove that directive. I'd also re-read the GoDaddy doc and see what was missed. If if were me, I would re-inventory all the files I have via openssl commands. I am a little concerned about the line: "tried copy&pasting the GD onto these" as far as what is what for your files. – jouell Apr 10 '18 at 14:46
0

I had to do this same thing recently on an older version of Bitnami. I was able to make it work by updating my /opt/bitnami/apache2/conf/bitnami/bitnami.conf with the following changes (note I've used your file crt file names):

<VirtualHost _default_:443>
SSLEngine on

SSLCertificateFile "/opt/bitnami/apache2/conf/257c0515593b569.crt"

SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

SSLCertificateChainFile "/opt/bitnami/apache2/conf/gd_bundle-g2-g1.crt"

My version of Bitnami was installed in 2014, so they may have things setup different, but if not, I think you want to update the bitnami.conf file like I did instead of httpd-ssl.conf.

I also updated my /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf for the wordpress site we're running with the same values as above, but that likely doesn't apply in your case.

brendanwb
  • 1