Spiceworks Installation SSL Certs

josephwang3466 · 2015-09-23T20:00:39.000Z

Hello,

I’ve been trying to follow along with the guide here: https://community.spiceworks.com/how_to/3267-create-new-public-ssl-certificate-for-spiceworks

Having some trouble, though. I have gone through DigiCert to get my .crt files, both the certificate file and the intermediate file, and have modified the httpd.conf file accordingly, but I still seem to be stuck in the startup loop that indicates that Apache is having trouble starting up. Are there any log files I should be looking at? Or some other resource I can use? Any help would be appreciated. Thanks!

simonmatthews · 2015-09-23T21:30:24.000Z

Do you have the .pem for the private key and certificate?

v-s · 2015-09-23T21:59:35.000Z

The problem is that, while Spiceworks does use Apache, it is very self contained installation of Apache. Any modifications you make to httpd.conf can very easily be overwritten by updates to Spiceworks, so every update you will have to go back in and make configuration changes.

Also, currently in 7.4, Spiceworks uses OpenSSL 0.9.8 and doesn’t support TLSv1.1 or TLSv1.2, if you’re trying to make additional changes of your httpd.conf to include those, it will not start since OpenSSL 1.0.1+ is required for those to function. The good news with that is 7.5 Beta does have that implemented already, so when 7.5 comes out that will be implemented.

You can try to convert your CRT certificate to PEM format using OpenSSL:

x509 - How to convert .crt to .pem - Stack Overflow
ssl - How to get .pem file from .key and .crt files? - Stack Overflow

josephwang3466 · 2015-09-24T11:17:26.000Z

I actually went back to DigiCert and they had an option to give me the certificate file and intermediate file in .pem. V_S, according to your second link it looks like my .key file is already in .pem form, as it starts with -----Begin Private Key----- and isn’t in binary.

Any other thoughts?

josephwang3466 · 2015-09-24T11:30:31.000Z

I’m not sure if this helps at all, but DigiCert gave me three certs: my certificate file (named Hostname.pem) a “DigiCertCA2.pem” file (which I think is the intermediate file according to the readme file that came with the certs) and a “TrustedRoot.pem” file. I’m not 100% sure what that last one is for.

v-s · 2015-09-24T13:19:16.000Z

C:\Program Files (x86)\Spiceworks\httpd\ssl
ssl-cert.pem
ssl-private-key.pem

Backup the existing in the folder.

If the hostname.pem matches your hostname of your Spiceworks server, use that one.

Open it in notepad and see what sections it has in there.

If it has both of these sections:

-----BEGIN RSA PRIVATE KEY-----
xxx
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----

Then it includes both the key and the certificate.

If it includes both key and certificate, make a copy of it and rename it:

ssl-private-key.pem

Then make a copy and name it

ssl-cert.pem

Open it up in notepad and remove the:

-----BEGIN RSA PRIVATE KEY-----
xxx
-----END RSA PRIVATE KEY-----

Section so it only has the CERTIFICATE section in there.

Someone else can verify this, but that’s how mine is working at this moment.