CAE 7.8 Apache Server certificate (ca-bundle.crt) update needed for SSL

I am trying to enable SSL in a CAE 7.8 Core-Satellite environment.  Everything as far as configuration through the Core and Satellite consoles seems to work, but the Configuration Server logs shows a complaint that the Apache Server being used has an expited certificate (ca-bundle.crt).

 

When I check the actual certificate file, it is indeed expired (as of 10.23.2011).  My question is: How do I get that certificate renewed or get a new one installed so that I can use SSL in my environment?  I can find nothing on managing the Apache Server certificate in any reference manuals.

 

Any assistance or insight is appreciated.

 

Regards,

Lyle Blosser

Parents
  • Verified Answer

    Hi,

    You may just delete the offending certificate from the ca-bundle.crt (it is a text file). If it is the first one this will be needed, otherwise, you may apply the latest patch for 7.8 which will have code that does not error out if one of the certificates is not valid in the Certificate Authority (CA) bundle. It is mostly the resposibilty of the user to maintain the CA bundle upto date. You could get an good version of all the CAs from the Internet it is used by IE and so on. I could let you know in a future post on how to get that.

     

    For documentation, there is an SSL Implementation Guide which describes most of this. 

     

    Best Regards,

    Shanti

Reply
  • Verified Answer

    Hi,

    You may just delete the offending certificate from the ca-bundle.crt (it is a text file). If it is the first one this will be needed, otherwise, you may apply the latest patch for 7.8 which will have code that does not error out if one of the certificates is not valid in the Certificate Authority (CA) bundle. It is mostly the resposibilty of the user to maintain the CA bundle upto date. You could get an good version of all the CAs from the Internet it is used by IE and so on. I could let you know in a future post on how to get that.

     

    For documentation, there is an SSL Implementation Guide which describes most of this. 

     

    Best Regards,

    Shanti

Children