I have to replace a certificate with a wildcard certificate and I am unsure of the process that I need to take to do this – I have Googled this but I can't find anything particularly straightforward, I apologise if this has been asked already, can someone help?
I think I need to create a keystore file or something like that, do I also need a bundle called gd_bundle.crt to run against on the server? This is pretty confusing for me.
I have been told that the files are in a folder that I need, but not WHICH files I need, the files available are:
wildcard.domain.org.crt
wildcard.domain.org.csr
wildcard.domain.org.key
wildcard.domain.org.p12
There is also a gd_bundle.crt file in the folder but it's older than these files so I'm not sure I need it.
'domain' replaces the company domain I have.
Our service provider is GoDaddy. The webserver is Apache2 on ubuntu 12.04, using openSSL, the purpose of the certificate is for a web page that displays build snapshots of code for our engineers.
All help and comments are hugely appreciated!
Best Answer
First figure out if your
wildcard.domain.org.key
is encrypted or not. For apache to start/restart automatically it must be decrypted. You can can view it with your favorite text editor/viewer.The encrypted key would have a first like like this.
The unencrypted key would have a first line like this.
Use a command like this to convert an encrypted key to be unencrypted.
openssl rsa -in filename.pem -out filename.key
If this was my system I would copy install the files into
/etc/apache2/ssl
folder and name them like below. (I prepend the creation date of the key/cert to give me a hint about the age of the cert. Plus I can upload a new cert early without breaking things if apache needs to be restart before I am ready to use the new cert.)Then depending on your virtual host config you will need to add lines like this to Apache.
See the apache mod_ssl docs for more details about how to configure Apache.