NComputing Knowledge Base
- Mobile
- Desktop
VA Certificate Installation
To set up your NComputing Virtual Appliance properly you may eventually install a certificate that your endpoints can trust and rely on.
Note: This article does not deal with rolling out certificates to endpoints. If you want to do that, look at Certificates instead.
- Make sure you have your certificate ready in .crt / .pem form and you possess the private key file (.key). If you do not have a private key, then it is not your certificate. If you also need certificate chain or CA root files, make sure you have them too in the correct .crt form. Do not use .pfx certificates, Apache will not read .pfx.
- Copy all your certificate and key files to the NComputing Virtual Appliance.
- See File exchange for how to do this, or use the
wget
command from the command line
- See File exchange for how to do this, or use the
- Log in to the Virtual Appliance via SSH and gain root privileges
- See here for more information that: SSH login#NComputing Virtual Appliance
- Copy the .crt/.pem file to
/etc/ssl/certs
- The file permission should be 0644. This command sets it right:
-
chmod 640 /etc/ssl/certs/mycert.crt
- Any chain or CA root files, should go to
/etc/ssl/certs
as well - Copy the .key file to
/etc/ssl/private
- The file permissions should be 0640, owner root, group ssl-cert. These commands set it right:
-
chown root.ssl-cert /etc/ssl/private/mycertkey.key
-
chmod 640 /etc/ssl/private/mycertkey.key
- Make a backup copy of the configuration file:
-
cp /etc/apache2/sites-enabled/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf.bak
-
- Edit
/etc/apache2/sites-enabled/default-ssl.conf
with your favorite text editor- Make sure the
SSLCertificateFile
directive is followed by the full path filename to your certificate file - Make sure the
SSLCertificateKeyFile
directive is followed by the full path filename to your key file - If you have installed Certificate chain or CA files, have their file names placed next to the
SSLCertificateChainFile
andSSLCACertificateFile
directives
- Make sure the
After you have done this, restart Apache by issuing this command from the shell prompt:
service apache2 restart
Then, please check the logs for error output:
tail -n50 /var/log/apache2/error.log