Distribute Certificates
1. Root Certificate
The root certificate must be installed on all devices from which you want to access / browse your web server! It is therefore advisable to have your "certificate directory" connected as a drive on the respective devices!
1.1 MAC
command: "sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" <Verzeichnis><SLD>.pem
1.2 Linux
command: "sudo cp <Verzeichnis><SLD>.pem /usr/local/share/ca-certificates/<SLD>.crt"
command: "sudo update-ca-certificates"
1.3 Windows
command: "WIN + R - Eingabe: certmgr.msc" - OK
NEXT
hope you can "click together" the rest yourself ! 😎
2. Web Server Certificate
2.1 Apache
Please make sure that you have activated "a2enmod ssl"!
-
- go to the Apache directory "sites-available" and create a .conf file (of course you can also use the default-ssl.conf). If you are running the web server with XAMPP, then:
-
- changes the VirtualHost directive
<VirtualHost *:443>
ServerName <>
DocumentRoot <>
SSLEngine on
SSLCertificateFile <Verzeichnis>/<subdomäne.SLD.TLD>.crt
SSLCertificateKeyFile <Verzeichnis>/<subdomäne.SLD.TLD>.key
</VirtualHost>-
- command: "a2ensite <der Dateiname>.conf"
- command: "service apache2 restart"
in the case of XAMPP, stop and restart Apache!
2.1 NGINX
server {
listen 443 ssl;
server_name <subdomäne.SLD.TLS>;
ssl_certificate <Verzeichnis><subdomäne.SLD.TLS>.crt;
ssl_certificate_key <Verzeichnis><subdomäne.SLD.TLS>.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
...
}But now you've done it!!!! 😁 Please understand that this is about local certificates and not how to generate a PI or how to set up a web server or, or, or, or... The only thing left to complete the picture is the actual side issue of DNS resolvers. Even if everything has been done correctly, it can happen that your domain is not accessible in your browsers.... 😰 So here's a final chapter DNS Resolver! Hey, and of course a "Gutzi" for hanging in there. Have a look at "Gutzi" !!!!! 😎