What is the correct way to enable HTTPS on apache httpd VirtualHost, given a .pem file and a .key file?

demiglace

2/7/24, 3:45 PM

I need to get https enabled on a webserver (RHEL 7.9, httpd 2.4.6). We were provided a pem file, with the following format:

-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----

and a .key file

-----BEGIN PRIVATE KEY-----
//
-----END PRIVATE KEY-----

I've seen guides and tutorials online (for tomcat) that we need to use the keytool command to import the certificates such as

keytool -import -trustcacerts -alias ALIAS -file file.crt -keystore key.jks

However, I've found none that addresses when the certificate and key are in .pem and .key formats. For example, I used the following command:

keytool -import -trustcacerts -alias mysite -file mysite.pem -keystore mysite.key

and it gives an error: keytool error: java.io.IOEXception: Invalid keystore format

On the configuration side, I have the following:

<VirtualHost <ip>:443>
    SSLCertificateFile /etc/home/admin/mysite.pem
    SSLCertificateKeyFile /etc/home/admin/mysite.key
    SSLEngine on

Which gives an error when running the httpd.service:

Invalid command 'SSLCertificateFile', perhaps misspelled or defined by a module not included in the server configuration

What would be the correct steps to take when enabling https on apache httpd 2.4.6?

219

0 + 2

httpd.conf

apache-2.4

raj

2/7/24, 4:46 PM

The error message quoted at the end indicates that you probably don't have the mod_ssl module enabled in your Apache configuration. After you enable it, `SSLCertificateFile` and other SSL-related configuration directives should be accepted. I don't understand the purpose of whole `keytool` related stuff you quoted, it should be enough just to put the `.pem` and `.key` files into locations specified in your config file.

larsks

2/7/24, 8:42 PM

`keytool` has nothing to do with Apache. It's a tool used to manage certificates in the Java ecosystem.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What is the correct way to enable HTTPS on apache httpd VirtualHost, given a .pem file and a .key file?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.