A provider wants to install an SSL certificate on PBA for the Linux Control Panel server.
In PBA for Linux, the SSL certificate is configured using standard directives in the Apache configuration file /etc/httpd/conf.d/ssl.conf on the PBA application server, namely - SSLCertificateFile and SSLCertificateKeyFile (optional).
In the default installation, the value of SSLCertificateFile directive is set to
/usr/local/bm/etc/httpd/www.crt, so one may put the PEM-encoded SSL certificate and private key into the file
/usr/local/bm/etc/httpd/www.crt. Alternatively, the private key may be put into a separate file, and the path to this file may be provided in the Apache directive SSLCertificateKeyFile.
After SSL certificate is changed, the Apache web server must be restarted:
~# /etc/init.d/httpd restart
Chain SSL Certificate
If the SSL certificate is issued by Certification Authority (CA), which is not included in the list of web browser trusted authorities, customers are shown an alarming warning upon opening the Online Store or the PBA Control Panel for the first time. The warning message states that the site SSL certificate is unknown (for their browsers) and asks whether to trust the SSL certificate or not.
However, the SSL certificate is absolutely reliable, and is issued by one of the authorized SSL providers. This SSL provider is just not included in the list of browser's default trusted authorities. In this case, the undesirable warning can be suppressed by means of chain certificate.
A certificate chain is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. The purpose of a certificate chain is to establish a chain of trust from a peer certificate to a trusted Certificate Authority (CA) certificate. The CA vouches for the identity of the peer certificate by signing it.
The chain SSL certificate is configured with the SSLCertificateChainFile directive, which should point to the file with the certificate chain. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.
mod_sslpackage has to be installed on the PBA application server to use the SSL secured connection for Control Panel.
Refer to Apache documentation for more details about configuring SSL certificates: