Renewing Certificate on Apache with CertSecure Manager

Last updated on January 24, 2024

Reading Time : 3 minutes

In this comprehensive guide, you will learn how to renew a website certificate on an Apache web server that requests the certificate from CertSecure Manager. The step-by-step instructions in this article provide detailed guidance on how to manually renew certificates on the server. By following these instructions, you can ensure that your website remains secure and protected with an up-to-date SSL certificate.

Step-by-Step Guide to Renew Certificate

In the context of renewing certificates on Apache Web Server for websites hosted on it, there exist two viable options. Firstly, we can generate a Certificate Signing Request (CSR) using the CertSecure Manager. This approach entails creating a fresh private key and a CSR which contains the pertinent information about the website, such as its domain name, organization name, and other details. The CSR is subsequently submitted to a certificate authority (CA) for validation and issuance of a new certificate.

Secondly, we can enroll a certificate directly from a pre-existing CSR. This can be executed if a CSR was previously generated and is obtainable for use. The pre-existing CSR is submitted to a CA for validation and issuance of a new certificate.

The use of CertSecure Manager can facilitate the acquisition process of a certificate from a CA. This tool streamlines the labor-intensive and time-consuming procedures that are usually required for obtaining a certificate. By automating the certificate acquisition process, CertSecure Manager can save time and effort for website owners and administrators.

Following the prescribed steps one can easily acquire a certificate from CertSecure Manager and renew it on desired website running on the Apache web server.

Login to your CertSecure Manager, and navigate to ‘Generate Certificate’ in the Enrollment section present on the left side.
Select the desired CA, Template, SAN attributes, and other necessary information and click on Generate Certificate
Navigate to the Enrollment Inventory and find your certificate (check tasks for your enrollment ID). Download the PFX and navigate to the Apache server.

Extract the private key from the PFX file using OpenSSL.

openssl pkcs12 -in filename.pfx -nocerts -out key.pem -legacy

The above command gives you the encrypted private key. If you want an unencrypted private key use:

openssl pkcs12 -in filename.pfx -nocerts -nodes -out key.pem -legacy

The prompt will ask you for the pfx password entered while exporting the certificate.
You can extract the certificate directly using OpenSSL or simply by changing the extension of the certificate to “.pem”

openssl pkcs12 -in myfile.pfx -nokeys -out certificate.pem -legacy
Place the certificate and key on the path where the certificate and key for your site are stored.
Restart your server for the changes to take place.

Conclusion

Renewing certificates on any website hosted on an Apache web server is a breeze when you follow the outlined steps with confidence and precision. By doing so, you can rest assured that the certificate renewal will be a resounding success.