VA Certificate Installation

From NComputing Knowledge Base
Jump to: navigation, search

To set up your NComputing Virtual Appliance properly you may eventually install a certificate that your endpoints can trust and rely on.

Note: This article does not deal with rolling out certificates to endpoints. If you want to do that, look at Certificates instead.

  1. Make sure you have your certificate ready in .crt / .pem form and you possess the private key file (.key). If you do not have a private key, then it is not your certificate. If you also need certificate chain or CA root files, make sure you have them too in the correct .crt form. Do not use .pfx certificates, Apache will not read .pfx.
  2. Copy all your certificate and key files to the NComputing Virtual Appliance.
    • See File exchange for how to do this, or use the wget command from the command line
  3. Log in to the Virtual Appliance via SSH and gain root privileges
  4. Copy the .crt/.pem file to /etc/ssl/certs
    • The file permission should be 0644. This command sets it right:
    • chmod 640 /etc/ssl/certs/mycert.crt
  5. Any chain or CA root files, should go to /etc/ssl/certs as well
  6. Copy the .key file to /etc/ssl/private
    • The file permissions should be 0640, owner root, group ssl-cert. These commands set it right:
    • chown root.ssl-cert /etc/ssl/private/mycertkey.key
    • chmod 640 /etc/ssl/private/mycertkey.key
  7. Make a backup copy of the configuration file:
    • cp /etc/apache2/sites-enabled/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf.bak
  8. Edit /etc/apache2/sites-enabled/default-ssl.conf with your favorite text editor
    1. Make sure the SSLCertificateFile directive is followed by the full path filename to your certificate file
    2. Make sure the SSLCertificateKeyFile directive is followed by the full path filename to your key file
    3. If you have installed Certificate chain or CA files, have their file names placed next to the SSLCertificateChainFile and SSLCACertificateFile directives

After you have done this, restart Apache by issuing this command from the shell prompt: service apache2 restart

Then, please check the logs for error output: tail -n50 /var/log/apache2/error.log