Het certificaat moet in de Apache server geinstalleerd / vernieuwd worden.
Als certificaat alleen vernieuwd hoeft te worden, het dus al eerder een keer is geinstalleerd en geconfigureerd. Dan is het voldoende om de bestanden te vervangen.
SSLCertificateFile /etc/apache2/certs/mydomain.crt
SSLCertificateKeyFile /etc/apache2/certs/mydomain.key
en dan apache herstarten:
sudo service apache2 restart
Certificaat bestanden via Bitvise uploaden naar /home/fersys/ folder. Dan via console met commando's verhuizen en hernomen. Wel met 'sudo' ivm perissies.
Certificaat installeren en configureren:
Configuring apache
So you’ve purchased or generated your certificate for your web server, great! Now you’ll have to install it, that will be difficult, right? WRONG! It’s super easy. Let me show you how.
You’d need to activate SSL. On Debian or Ubuntu, it’s pre-installed with Apache and you’d just need to enable it, like this:
sudo a2enmod ssl sudo a2ensite default-ssl
On CentOS or Red Hat, it would be:
sudo yum install -y mod_ssl
now in the SSL configuration file, /etc/apache2/sites-enabled/default-ssl on Ubuntu/Debian and /etc/httpd/conf.d/ssl.conf on RHEL/CentOS, you’d add this for your purchased certificate:
SSLCertificateFile /etc/apache2/certs/mydomain.crt SSLCertificateKeyFile /etc/apache2/certs/mydomain.key SSLCertificateChainFile /etc/apache2/certs/intermediate-rapidssl.crt
now you simply restart your web server, on Debian/Ubuntu:
sudo service apache2 restart
or on RHEL/CentOS:
sudo service httpd restart
Now you can log in OTRS using the ‘https://’ prefix. It’s THAT easy!
It would still be great if you can forward existing links into http:// URLs that might already exist in notifications and such to https:// – but that’s easy. Just add this to the HTTP virtualhost configuration:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}Verification of your certificate
The people at Qualys SSL Labs have a nice service which allows you to verify if your certificate was set up properly, you can find it here.
Configuring OTRS
In OTRS the configuration change is also quite easy. Just navigate to Admin > SysConfig > Framework > Core and set ‘HttpType’ to https.
This will make the links in outgoing email notifications contain ‘https’ and it will also set the secure attribute on your login cookies.