Reissuing SSL Certs? Not a problem - come right in.
Background - the department has a 15-license wildcard cert, *.sat.iit.edu, issued by my good friends at Trustwave (which is in Chicago and had really killer customer support btw).
All 15 licenses were issued - some of the servers had been rebuilt since their cert was issued - meaning that the public/private key from those servers was now invalid and would throw the browser warning screen below...
So what to do? After talking with tech support I understood this: the initial certificate was signed with Trustwave's root certificate. But since this was a re-issued certificate there is now an additional chain.cer (chain certificate).
Why? Because the new certificate is signed by the intermediate level certificate that then chains to the root cert - follow?
TL;DR:
The Intermediate comes as either a ".cer" or ".crt" extension. Technically speaking, the ".cer" and ".crt" extensions are one and the same. If your instance of Apache requires that you use ".crt" files, then you can simply rename a ".cer" file to ".crt". Note: At this point, you should have a file named "chain.cer", "ovca.crt", or "dvca.crt". Moving forward, this FAQ will refer to this file as the intermediate file.
Editing the httpd.conf or ssl.conf file (on Ubuntu it is /etc/apache2/sites-enabled/default-ssl)
Your host section will need to contain the following directives:
"SSLCACertificateFile" - Set this attribute to point to the appropriate Trustwave root CA certificate. The Trustwave root CA certificate can be downloaded from the following URL: <-- Optional
"SSLCertificateChainFile" - Set this attribute to point to the intermediate file. <-- where you need to put your chain.cer file
"SSLCertificateFile" - Set this attribute to point to the end entity certificate (the "[yourdomain].cer" file you received from Trustwave) <-- You need the reissued STAR.yourdomain.here.cer
"SSLCertificateKeyFile" - Set this attribute to point to the private key that was generated with your CSR. <-- the same key file from your CSR request
Remember to restart Apache!
(sudo service apache2 restart)
If there is an error: tail /var/log/apache2/error.log
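The two things that go wrong in this setup, a private key that no longer matches the reissued certificate and a missing intermediate, can both be checked with openssl. The script below is an added example, not part of the original post or Trustwave's FAQ; it builds a throwaway root, intermediate and wildcard certificate (all file names and subjects are constructed, and it assumes the openssl CLI with its default config is installed) and runs both checks against them.

```bash
#!/bin/sh
# Added example: checks for a reissued certificate before/after restarting Apache.
# All file names and subjects below are constructed for the demo.

# True only if the private key and the certificate hold the same public key.
key_matches_cert() {  # key_matches_cert <key> <cert>
  _k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  _c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# True only if <cert> chains to <root>; pass "" as <chain> to test without it.
chain_verifies() {  # chain_verifies <root> <chain-or-empty> <cert>
  if [ -n "$2" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1
  fi
}

# Build a throwaway root -> intermediate -> wildcard leaf hierarchy in directory $1.
make_demo_pki() {
  ( cd "$1" &&
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
      -subj "/CN=Constructed Root" -days 2 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
      -subj "/CN=Constructed Intermediate" 2>/dev/null &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -extfile ca.ext -out chain.cer -days 2 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
      -subj "/CN=*.example.test" 2>/dev/null &&
    openssl x509 -req -in server.csr -CA chain.cer -CAkey int.key -CAcreateserial \
      -out STAR.example.test.cer -days 2 2>/dev/null &&
    openssl genrsa -out rebuilt.key 2048 2>/dev/null )  # key from a "rebuilt" server
}

demo() {
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  key_matches_cert "$d/server.key" "$d/STAR.example.test.cer" && echo "CSR key matches cert"
  key_matches_cert "$d/rebuilt.key" "$d/STAR.example.test.cer" || echo "rebuilt key does NOT match"
  chain_verifies "$d/root.pem" "" "$d/STAR.example.test.cer" || echo "fails without chain.cer"
  chain_verifies "$d/root.pem" "$d/chain.cer" "$d/STAR.example.test.cer" && echo "verifies with chain.cer"
  rm -rf "$d"
}
demo
```

On a real server, call the two functions with the paths set in SSLCertificateKeyFile, SSLCertificateFile, SSLCertificateChainFile and the root CA file.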
If everything works you will see this screen...
take care