How to import SSL certificate from an Apache server


Users often need to import an existing certificate from an Apache HTTPD server into Xeams. The following steps demonstrate how to accomplish this task.

Prerequisites

An SSL certificate has 3 components:

  1. Private key
  2. Public key
  3. A signed certificate from a certificate authority (CA) that establishes a trust relationship

An Important Note: When you download a certificate from a CA, such as GoDaddy or Comodo, that only contains two of the three components mentioned above. Those files do not contain your private key, which is typically stored on the machine where you created the CSR for the certificate.

Therefore, in order to export an SSL certificate you will need:

  • Your private key
  • Downloaded files from the CA
  • Intermediate certificates

Required Software

  • openssl - this utility typically comes with most Linux servers. For Windows, visit https://www.openssl.org/source/ to download.
  • keytool - this utility comes with Xeams and is located in $INSTALL_DIR\jre\bin folder. $INSTALL_DIR refers to the folder where Xeams is installed.

Steps To Export

Step 1 - Exporting From Apache

Click here for instructions on how to export certificate from Apache to a format that is understood by Xeams.

The output of the above instructions will result in a *.keystore file.

Step 2 - Specify the keystore in Xeams

  • We recommend renaming the *.keystore file to xeams.kesstore, to make it more meaningful.
  • Save this file in $INSTALL_DIR/config/xeams.keystore. Again, $INSTALL_DIR refers to the folder where Xeams is installed.

  • Finally, log into Xeams web interface and click Server Configuration/Manage SSL Certificate. Specify config/xeams.keystore for Keystore file name, specify the password you specified when exporting the certificate and put PKCS12 for Keystore type.