Gojourichi's picture

Hi All, 


I am very new to this, and I am planning to use my own generated self-signed certificate to replace the default SSL certificate but I can't seem to the directory. Also, what are the things that I should be aware of aside from the SSL certificate, is there any other pre-requisites that I should know of? I already installed the certificate in my browser.  

Jeremy Davis's picture

The default self-signed certs are in /etc/ssl/private. They are contructed in a very particular way so that they are compatible with the primary web interface (i.e. ports 80 & 443), as well as Webshell and Webmin (ports 12320 & 12321 respectively). (And any other webserver that may be in a TurnKey appliance).

We include a tool called 'turnkey-make-ssl-cert'. To check it out a bit more, please run:

turnkey-make-ssl-cert --help

Alternatively, you could just create your own pem certs that match the format of the default ones. Or obviously, if you don't care about Webshell and Webmin, then so long as they're compatible with Ap-ache, you should be good.

One last option would be to configure Apache to use your certs (and put them wherever you want) using the appropriate Apache directives. E.g., within your virtual host definition for *.443, something like this:

    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"

Finally, there is also the option of reconfiguring the default certs to use. The current Apaceh config related to SSL/TLS certs is /etc/apache2/mods-available/ssl.conf/

Add new comment