httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Montague <>
Subject Re: [users@httpd] Help with ssl configuration in apache
Date Fri, 24 Feb 2012 15:48:25 GMT
On February 24, 2012 10:23 , Giltime9 <> wrote:
> But again it is the trust of chain That I have.  Do I consider it is just the
> certificate?  Also do I need to import it into keystore?  Also is the
> keystore I generate considered athe private key?

Apache HTTP Server does not use a keystore.  Also, a keystore is not the 
same as a private key.  A keystore contains the private key, the 
certificate, and the chain of trust all in a single binary file.  
Keystores, as created by the keytool program, are normally used by Java 
programs.  But, again, Apache will not use a keystore (Apache is written 
in C), so stop trying to create one.

Use the SSLCertificateKeyFile directive to point Apache at the 
PEM-encoded key file that you generated before you created the 
Certificate Signing Request that you sent to Verisign.  If you never had 
a PEM-encoded key file, then export the private key from the keystore 
into a PEM-encoded key file.

Verisign will have sent you the certificate in PEM-encoded format.  Use 
the SSLCertificate file directive to point Apache to this file.

Finally, Versign will have either sent you or provided you a link to a 
file containing all of the intermediate and root CA certificates that 
were used to sign your certificate.  Each certificate in this file will 
be in PEM-encoded format.  This is the "chain of trust".  Use the 
SSLCertificateChainFile directive to point Apache at this file.  (There 
are other ways to handle the chain of trust, but I'm keeping things 
simple for the purposes of this discussion).

I hope this helps.

   Mark Montague

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message