secure crt

Installing A SSL On Debian On Google Compute Engine

I had a task which involve renewing a SSL certificate on a customer’s website that was seemed to be a big task, but really it “boils” down to just a few steps.

And, since it is hosted on a Google Compute Engine, you may think that adds some complexity, and maybe it does (there is no webhost company to do the work for you, so it’s for the “diy person”), but really if you have SSH access, the process is just running some Linux commands on a Debian server.

>> This process is for renewing an already existing SSL certificate (or possibly for installing a new one – but you have to test that).

I originally did the certificate in 2018 through Comodo, but Comodo was acquired by Sectigo, and they told me I couldn’t renew this certificate, but I had to create a new one.

Hmmmm…well you possibly could use the information here to install a new SSL certificate.

Step 1 – ***This command generates the csr I needed to place into the crt (Certificate Request) sectigo:

openssl req -nodes -newkey rsa:2048 -keyout rmh.key -out rmh.csr

–> Paste the contents of rmh.key (or whatever you named the key file) into the box at ????? (insert ssl provider here 🙂 )

After some minutes they sent back a few files needed to make the new SSL feature on your website work.

They should send back some crt files, in my case there were 4:

1. USERTrustRSAAAACA.crt
2. SectigoRSADomainValidationSecureServerCA.crt
3. AAACertificateServices.crt

4. Rmhsurgicalmanagement_com.crt

Step 1

Files 1-3 are supposed to be combined into the .ca-bundle file.
(How? The file contents, of course (don’t complicate it)), like this:


-----BEGIN CERTIFICATE-----
{LOTS OF CRYPTIC STUFF FROM FILE 1}
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
{LOTS OF CRYPTIC STUFF FROM FILE 2}
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
{LOTS OF CRYPTIC STUFF FROM FILE 3}
-----END CERTIFICATE-----

Step 2

Again, the 3 crt files, I combined (the text parts) into a file called “rmhsurgicalmanagement_com.ca-bundle

Now, in the terminal SSH screen, navigate to /etc/ssl/certs

Step 3

THE 3 FILES:
Rmhsurgicalmanagement_com.ca-bundle
Rmhsurgicalmanagement_com.crt
rmh.key

>>>> … will go in the /etc/ssl/certs folder on your webserver.

(key point: the rmh.key was given to the ssl company and they returned to you the .crt file, so they need to match (be done at the same time) )

…will go in this folder /etc/ssl/certs

either you can copy them with Filezilla or you may have to move them around with some Linux terminal commands.

Then restart apache -> sudo service apache2 restart

Your website should be using the new SSL certificate at this point. (If not, well try again 😉 ).

Facebooktwittergoogle_plusredditpinterestlinkedinmail
Tags: , , , , , , ,
 
Next Post
Windows 10 Monitor Flickering 3
Hardware

Windows 10 Monitor Flickering