How To Set Up An SSL Vhost Under Apache2 On Ubuntu 9.10/Debian Lenny - Page 3

7 Configure Firefox To Trust CAcert.org (Optional)

If you use a CAcert.org certificate, your browser most likely doesn't trust this certificate and will show a warning. This chapter explains how you can import the CAcert.org root certificate into Firefox so that it won't show this warning anymore (please read http://wiki.cacert.org/BrowserClients for other browsers like MSIE, Safari or Opera).

Please note that if you run an e-commerce web site, you should better buy a certificate from a trusted CA because you can't ask all your visitors to reconfigure their browsers.

Please visit http://www.cacert.org/index.php?id=3 and click on the Root Certificate (PEM Format) link (http://www.cacert.org/certs/root.crt):

The Downloading Certificate dialogue opens. Click on View to examine the certificate:

Please make sure that the fingerprints are as follows:

SHA1 Fingerprint: 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33
MD5 Fingerprint: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B

Click on Close afterwards:

Next check Trust this CA to identify web sites. and click on OK:

Now go to Tools > Options...

... and then to Advanced > Encryption. Click on Revocation Lists:

The Manage CRLs window opens. Click on Import...:

Fill in the following URL and click on OK: http://crl.cacert.org/revoke.crl

After a few moments you should see the following message. Click on Yes to enable automatic updates:

Check Enable Automatic Update for this CRL and click on OK:

That's it. You should now be able to go to your SSL vhost without getting a browser warning:

 

8 Links

Share this page:

4 Comment(s)

Add comment

Comments

From: at: 2011-06-12 21:26:18

Falko, a well-written article which solved a weekend of frustration configuring Apache2 with an SSL certificate. I decided to subscribe to HowtoForge based solely on the high quality of your article.

 How can I download the Adobe PDF version of this article?

From: Julia Sifers at: 2011-07-08 22:55:05

For a site that accepts both http and https connections, do I need two virtual host files? So for instance, similar to "default" and "default-ssl," would I create "mysite" and "mysite-ssl" and then enable both of these? OR do I just need the "mysite-ssl" virtual host file?

From: at: 2012-03-07 16:03:12

This was the best tutorial on this subject that I came across. I joined this forum because of it.

  For it to work with Oneiric Ubuntu you need to 

Replace 

SSLCertificateFile /etc/ssl/certs/www.hostmauritius.com.pem 

With 

SSLCertificateFile  /etc/ssl/private/www.hostmauritius.com.crt

From: Anonymous at: 2013-11-25 19:14:00

Excellent Howto! Worked for me like a charm. Thanks.