Everything you never wanted to know about SSL certificates and Linux
Determining where the old cert is stored (Apache)
$ cd /etc/httpd
$ cat conf/* | grep -ve "^#\|^$" | grep -i ssl
Look for SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile
Reading Certificates
Reading a private key
$ openssl rsa -in mykey.crt -check
Reading an unsigned public csr
$ openssl req -text -noout -verify -in myreq.csr
Reading a signed public certificate
$ openssl x509 -in mypub.crt -text -noout
Creating a new cert with a new private key
$ cp -a /etc/pki/tls /etc/pki/tls.old
$ cd /etc/pki/tls
$ openssl req -out myreq.csr -new -newkey rsa:4096 -nodes -keyout mykey.crt
$ cat myreq.csr
Paste the CSR into the InCommon provisioning website.
Renewing a cert with an existing private key
$ cp -a /etc/pki/tls /etc/pki/tls.old
$ cd /etc/pki/tls
$ openssl req -out myreq.csr -new -key mykey.crt
$ cat myreq.csr
Paste the CSR into the InCommon provisioning website.
Renewing a cert with an existing public/private key pair
$ cp -a /etc/pki/tls /etc/pki/tls.old
$ cd /etc/pki/tls
$ openssl x509 -x509toreq -in certificate.crt -out myreq.csr -signkey mykey.crt
$ cat myreq.csr
Paste the CSR into the InCommon provisioning website.
Installing new cert into the system
Download the signed certificate from InCommon (called mypub.crt in this tutorial).
Download the certificate chain from InCommon (called mypub_interm.crt in this tutorial).
$ cp ~/mypub_interm.crt /etc/pki/tls/certs/server-chain.crt
$ cp ~/mypub.crt /etc/pki/tls/certs/localhost.crt
$ cd /etc/pki/tls
$ cp mykey.crt private/localhost.key
$ /etc/init.d/httpd graceful
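A check to run before the copy and reload steps above, added here as an example (not part of the original page): it confirms that the signed certificate, the CSR and the private key all carry the same public key and that the certificate has not expired. File names follow this page; the function names pub_digest and check_bundle are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: confirm key, CSR and signed cert share one public key
# before anything is copied into /etc/pki/tls and httpd is reloaded.

# Print a SHA-256 digest of the public key inside a key, CSR or cert.
pub_digest() {
    local kind="$1" file="$2" pem
    case "$kind" in
        key)  pem=$(openssl pkey -in "$file" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$file" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$file" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable file or wrong file type
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# Return 0 only if the cert matches the key (and the CSR, when given) and is unexpired.
check_bundle() {
    local key="$1" cert="$2" csr="${3:-}" k c r
    k=$(pub_digest key  "$key")  || { echo "cannot read key $key" >&2;   return 1; }
    c=$(pub_digest cert "$cert") || { echo "cannot read cert $cert" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "cert does not match private key" >&2; return 1; }
    if [ -n "$csr" ]; then
        r=$(pub_digest csr "$csr") || { echo "cannot read CSR $csr" >&2; return 1; }
        [ "$k" = "$r" ] || { echo "CSR does not match private key" >&2; return 1; }
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "cert is expired" >&2; return 1; }
    echo "OK: $cert matches $key"
}

# Usage: ./check_bundle.sh mykey.crt mypub.crt [myreq.csr]
[ "$#" -lt 2 ] || check_bundle "$@"
```

A mismatch here means httpd would refuse to start with the new files, so run it against mykey.crt and mypub.crt before the graceful reload.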