Search Engine: Elastic

Article ID: 111379, created on Jun 3, 2011, last review on Jan 19, 2015

  • Applies to:
  • Operations Automation 5.4
  • Business Automation

Problem Statement

A provider wants to install an SSL certificate on PBA for the Linux Control Panel server.


In PBA for Linux, the SSL certificate is configured using standard directives in the Apache configuration file /etc/httpd/conf.d/ssl.conf on the PBA application server, namely - SSLCertificateFile and SSLCertificateKeyFile (optional).

In the default installation, the value of SSLCertificateFile directive is set to /usr/local/bm/etc/httpd/www.crt, so one may put the PEM-encoded SSL certificate and private key into the file /usr/local/bm/etc/httpd/www.crt. Alternatively, the private key may be put into a separate file, and the path to this file may be provided in the Apache directive SSLCertificateKeyFile.

After SSL certificate is changed, the Apache web server must be restarted:

~# /etc/init.d/httpd restart

Chain SSL Certificate

If the SSL certificate is issued by Certification Authority (CA), which is not included in the list of web browser trusted authorities, customers are shown an alarming warning upon opening the Online Store or the PBA Control Panel for the first time. The warning message states that the site SSL certificate is unknown (for their browsers) and asks whether to trust the SSL certificate or not.

However, the SSL certificate is absolutely reliable, and is issued by one of the authorized SSL providers. This SSL provider is just not included in the list of browser's default trusted authorities. In this case, the undesirable warning can be suppressed by means of chain certificate.

A certificate chain is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. The purpose of a certificate chain is to establish a chain of trust from a peer certificate to a trusted Certificate Authority (CA) certificate. The CA vouches for the identity of the peer certificate by signing it.

The chain SSL certificate is configured with the SSLCertificateChainFile directive, which should point to the file with the certificate chain. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.

Additional information

  1. The mod_ssl package has to be installed on the PBA application server to use the SSL secured connection for Control Panel.
  2. Refer to Apache documentation for more details about configuring SSL certificates:

caea8340e2d186a540518d08602aa065 5356b422f65bdad1c3e9edca5d74a1ae ac82ce33439a9c1feec4ff4f2f638899 2554725ed606193dd9bbce21365bed4e e12cea1d47a3125d335d68e6d4e15e07 198398b282069eaf2d94a6af87dcb3ff

Email subscription for changes to this article
Save as PDF