Renewing Certificate on Apache with CertSecure Manager

In this comprehensive guide, you will learn how to renew a website certificate on an Apache web server that requests the certificate from CertSecure Manager. The step-by-step instructions in this article provide detailed guidance on how to manually renew certificates on the server. By following these instructions, you can ensure that your website remains secure and protected with an up-to-date SSL certificate.

Certificate Management with CertSecure Manager

CertSecure Manager is a CLM solution by Encryption Consulting. It addresses the most critical challenge organizations face in managing PKI i.e., handling the sheer number of certificates across the infrastructure. From ensuring certificates automation for renewal and deploying to enforcing strict organization policies. CertSecure is designed to reduce manual overhead and simplify the overall management of you PKI infrastructure. Integrations like Service Now, Teams help implement workflows for alerting and incident management.

CertSecure Manager  follows a certain method to segregate user information from each other where users can access their data and the departments they are assigned to. With policies defined, clients can also define roles which can be assigned to the users. Users can then conduct functions which are only defined by the permissions that are set by the administrator.

With the High Availability (HA) architecture of CertSecure, connector clients can effortlessly integrate all the public and private CAs . This provides a single pane of glass for managing all the certificates across multiple CAs. Its renewal agent workflows allow servers like Tomcat, Apache, nginx and load balancers like F5 to renew and deploy certificates without the need of any manual intervention. Thus, minimizing outages and increasing efficiency.

Step-by-Step Guide to Renew Certificate

In the context of renewing certificates on Apache Web Server for websites hosted on it, there exist two viable options. Firstly, we can generate a Certificate Signing Request (CSR) using the CertSecure Manager. This approach entails creating a fresh private key and a CSR which contains the pertinent information about the website, such as its domain name, organization name, and other details. The CSR is subsequently submitted to a certificate authority (CA) for validation and issuance of a new certificate. 

Secondly, we can enroll a certificate directly from a pre-existing CSR. This can be executed if a CSR was previously generated and is obtainable for use. The pre-existing CSR is submitted to a CA for validation and issuance of a new certificate. 

The use of CertSecure Manager can facilitate the acquisition process of a certificate from a CA. This tool streamlines the labor-intensive and time-consuming procedures that are usually required for obtaining a certificate. By automating the certificate acquisition process, CertSecure Manager can save time and effort for website owners and administrators.  

Following the prescribed steps one can easily acquire a certificate from CertSecure Manager and renew it on desired website running on the Apache web server.

1. Login to your CertSecure Manager, and navigate to ‘Generate Certificate’ in the Enrollment section present on the left side.

2. Select the desired CA, Template, SAN attributes, and other necessary information and click on Generate Certificate

   

3. Navigate to the Enrollment Inventory and find your certificate (check tasks for your enrollment ID). Download the PFX and navigate to the Apache server.

4. Extract the private key from the PFX file using OpenSSL.

   openssl pkcs12 -in filename.pfx -nocerts -out key.pem -legacy

   

   The above command gives you the encrypted private key. If you want an unencrypted private key use:

   openssl pkcs12 -in filename.pfx -nocerts -nodes -out key.pem -legacy

   

   The prompt will ask you for the pfx password entered while exporting the certificate.

5. You can extract the certificate directly using OpenSSL or simply by changing the extension of the certificate to “.pem”

   openssl pkcs12 -in myfile.pfx -out -nokeys certificate.pem -legacy

   

6. Place the certificate and key on the path where the certificate and key for your site are stored.
7. Restart your server for the changes to take place.

Conclusion

Renewing certificates on any website hosted on an Apache web server is a breeze when you follow the outlined steps with confidence and precision. By doing so, you can rest assured that the certificate renewal will be a resounding success.