SSL Certificate Symlinks

March 25, 2021 Stanly G Linux, Apache

Using Commercial Certificates? Have multiple vhosts that use the same SSL certificate? Using a wildcard SSL Certificate?

Symlinking your SSL Certificate files might make your life easier.

Create your SSL certificate files in the appropriate location. On the Red Hat family of Linux distributions, that is:

  • /etc/pki/tls/certs for certificate files
  • /etc/pki/tls/private for private keys

Using a wildcard certificate for example.com, you might have these files:

  • /etc/pki/tls/certs/2021-03-25-wildcard.example.com.crt
  • /etc/pki/tls/certs/2021-03-25-wildcard.example.com.ca.crt
  • /etc/pki/tls/private/2021-03-25-wildcard.example.com.key

Create symlinks like these; each year, when you get a new cert, you only have to replace the symlinks:

# ln -s /etc/pki/tls/certs/2021-03-25-wildcard.example.com.crt /etc/pki/tls/certs/wildcard.example.com.crt
# ln -s /etc/pki/tls/certs/2021-03-25-wildcard.example.com.ca.crt /etc/pki/tls/certs/wildcard.example.com.ca.crt
# ln -s /etc/pki/tls/private/2021-03-25-wildcard.example.com.key /etc/pki/tls/private/wildcard.example.com.key

Then, in your Apache config, you can use:

SSLCertificateFile /etc/pki/tls/certs/wildcard.example.com.crt
SSLCACertificateFile /etc/pki/tls/certs/wildcard.example.com.ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/wildcard.example.com.key

To remove the symlinks:

# rm /etc/pki/tls/certs/wildcard.example.com.crt
# rm /etc/pki/tls/certs/wildcard.example.com.ca.crt
# rm /etc/pki/tls/private/wildcard.example.com.key

Then re-create them as shown above, with the new filenames.
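
Between the rm and the new ln there is no file at the configured path, and nothing checks that the renewed key belongs to the renewed certificate. The script below is an added example, not part of the original post: it checks the new pair and then repoints each link in a single rename. The function names are hypothetical, the openssl CLI is assumed to be installed, and NEW-DATE stands for the date prefix of next year's files.

```shell
#!/bin/sh
# Added example: check a renewed cert/key pair, then repoint the symlinks.
# Function names are hypothetical; pair_matches needs the openssl CLI.

# True when the key file (symlinks followed) has no group/other permission bits.
key_is_private() {
    case "$(ls -lLd "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when the certificate and the private key carry the same public key.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# swap_link TARGET LINK: build the new symlink beside the old one and rename
# it into place, so LINK always resolves to either the old or the new file.
swap_link() {
    [ -e "$1" ] || { echo "missing target: $1" >&2; return 1; }
    [ ! -d "$2" ] || { echo "refusing, link is a directory: $2" >&2; return 1; }
    tmp="$2.new.$$"
    ln -s "$1" "$tmp" && mv -f "$tmp" "$2"
}

# rotate NEW_CERT NEW_KEY CERT_LINK KEY_LINK
rotate() {
    key_is_private "$2" || { echo "key readable by group/other: $2" >&2; return 1; }
    pair_matches "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    swap_link "$2" "$4" && swap_link "$1" "$3"
}

# Usage as root (NEW-DATE is a placeholder):
#   rotate /etc/pki/tls/certs/NEW-DATE-wildcard.example.com.crt \
#          /etc/pki/tls/private/NEW-DATE-wildcard.example.com.key \
#          /etc/pki/tls/certs/wildcard.example.com.crt \
#          /etc/pki/tls/private/wildcard.example.com.key
#   swap_link /etc/pki/tls/certs/NEW-DATE-wildcard.example.com.ca.crt \
#             /etc/pki/tls/certs/wildcard.example.com.ca.crt
#   apachectl configtest && systemctl reload httpd
```

Apache reads the certificate files when it starts or reloads, so the new certificate is served only after the reload in the last usage line.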