Testing Your Certificate

When the secure server is installed by the Red Hat Linux installation program, a random key and a generic certificate are installed, for testing purposes. You can connect to your secure server using this certificate. For any purposes other than testing, however, you need to get a certificate from a CA or generate a self-signed certificate. See the “Types of Certificates” section of this chapter if you need more information on the different types of certificates available.

If you have purchased a certificate from a CA or generated a self-signed certificate, you should have a file named /etc/httpd/conf/ssl.key/server.key, containing your key, and a file named /etc/httpd/conf/ssl.crt/server.crt, containing your certificate. If your key and certificate are somewhere else, move them to these directories. If you changed any of the default locations or file names for the secure Web server in your Apache HTTP server configuration files, you should put these two files in the appropriate directory, based on your modifications.

Once these CA files have been moved, restart your server with the command

/sbin/service httpd restart

If your key file is encrypted, you will be asked for the password. Enter your password to start your server. Point your Web browser to your server’s home page. The URL to access your secure Web server will look like this:

https://your_domain

If you are using a CA-signed certificate from a well-known CA, your browser will probably automatically accept the certificate (without prompting you for input) and create the secure connection. Your browser will not automatically recognize a test or a self-signed certificate, because the certificate is not signed by a CA. If you are not using a certificate from a CA, follow the instructions provided by your browser to accept the certificate. You can just accept the defaults by clicking Next until the dialogs are finished. Once your browser accepts the certificate, your secure Web server will show you a default home page.