Menu
What's the technical reason that SSLCertificateKeyFile is needed (the private key)? Where is that used and for what?
287
If SSLCertificateChainFile is specified, the webserver will attach the associated certificates (to build up a whole chain to a Root CA) to the webserver certificate.
SSL works through a system of security keys and digital certificates. A digital certificate establishes a site and server as legitimate in terms of SSL security. Managers can acquire an Apache SSL certificate from various sources and install it by copying certificate files to the server and configuring accordingly.
Why do you need OpenSSL? With OpenSSL, you can apply for your digital certificate (Generate the Certificate Signing Request) and install the SSL files on your server. You can also convert your certificate into various SSL formats, as well as do all kind of verifications.
Is there a difference on startup between a non-SSL-aware Apache and an SSL-aware Apache? Yes. In general, starting Apache with mod_ssl built-in is just like starting Apache without it. However, if you have a passphrase on your SSL private key file, a startup dialog will pop up which asks you to enter the pass phrase.
The SSL certificate file contains the X.509 certificate (which, in turn, contains a public key used for encryption). The SSL Certificate Key File contains the private key corresponding to the public key in the certificate. In order for the webserver to encrypt and decrypt traffic, it must have both the public key (certificate) and corresponding private key. Apache, unlike a lot of other server products, stores the key and certificate in separate files. Java-based products, for example, typically use Java KeyStore files, which are an encrypted database containing both the certificate and private key.
172
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
