SSL Configuration

FileCloud runs on Apache web server. 

  • Apache server can be configured to serve the website securely using HTTPS protocol. 
  • To enable the HTTPS protocol, you need an SSL certificate.


If you are using Active Directory and want to:

  • Add AD users
  • Change AD passwords
  • Secure the connection to Active Directory

Then you need to configure additional settings and install an SSL certificate on the AD server.

Note: This topic does not relate to securing connections with your AD Server.

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and integral. 

To create an SSL connection a web server requires an SSL Certificate. When you activate SSL on your web server you are asked a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key.

Your customers' browsers display a key indicator to let them know they are currently protected by an SSL encrypted session - the lock icon in the lower right-hand corner. They can click the lock icon to view the SSL Certificate and details about it. 

To learn more about SSL, read knowledge base articles on the SSL web site.

To enhance the security of the root certificate, two intermediate certificates are created from which SSL certificates are signed and issued.

The result is a certificate chain that includes the trusted root certificate, the intermediate certificate, and the SSL certificate issued to you. 

The use of intermediate certificates for issuing SSL certificates to end entities provides an added level of security. You must install the intermediate certificate on your web server along with your SSL certificate to allow the certificate to be effective.

 

Your certificate files' extensions enable you to know what’s in the files, and if you need to convert them.

 

File ExtensionContents
*.pem

Concatenated certificate container files

Frequently required for certificate installations when multiple certificates are being imported as one file.

*.crt

*.cer

The *.crt and *.cer file formats are interchangeable and contain the same information.

the *.crt file is a Microsoft convention and can be easily converted to *.cer.

An SSL certificate contains both:

*.key = the private key to the certificate

*.crt = the signed certificate

*.ca-bundle

A file that contains root and intermediate certificates.

  • The end-entity certificate along with a CA bundle constitutes the certificate chain.

The chain is required to improve compatibility of the certificates with web browsers and other kind of clients.

This allows browsers to recognize your certificate so that no security warnings appear.

*.pfx

This is an archive file format for storing several cryptographic objects in a single file.

  • contains the end-entity certificate (issued to your domain)
  • a matching private key
  • may optionally include an intermediate certification authority (a.k.a. CA Bundle).

All this is wrapped up in a single file which is then protected with a pfx password.

What do you want to do?

     Use SSL on Windows

     Use SSL on Linux

       Convert a PFX to a PEM SSL Certificate