hamdpa wrote on Monday, June 03, 2013:
Hello to all,
I have tried twice to install SSL certificates without success. Could anyone tell me what I’m doing wrong? Areas of doubt have quotation (“). Thank you!!
According to the instructions at OpenEMR/administration/otherthere appear to be 4 parts to the installation;
Part 1:
-
Fill in the form in OpenEMR Administration/Other/Certificates and download the zip file.
-
Unzipp and upload all files to Appliance Server via Webmin to “/etc/apache2”
Part 2: -
Via Webmin go to Server/Apache Webserver/”virtual server(bottom one) 443/SSL Options”
-
Set the following; Enable SSL (Yes), SSL CerificateFile(Certificate/Private Key file) set path to (/etc/apache2/Server.crt), SSL CertificateKeyFile(Private Key File) path to (/etc/apache2/Server.key).
-
“Note: Unable to find where to set SSLCACertificateFile path to etc/apache2/CertificateAuthority.crt”
-
Set Client SSL Certificate dropdown to Required
-
Client certificate depth to 2
-
Leave SSL log file as default
“Note: Instructions read: Add following lines to the Apache configuration file:
SSLVerifyClient require
SSLDepth 2
SSLOptions +StdEnvVars
Has this already been done above? Do not see anything like (SSLOptions +StdEnvVars.)”
Part 3: -
Go to OpenEMR/Globals/Security. “Is this the same as globals.php?”
-
Set the following; Enable Client SSL (check the box), Path to CA Certificate File set path to (etc/apache2/certificateauthority.crt), Path to CA Key File set path to (/etc/apache2/certificateauthority.key)
-
Set email address
-
“Note:Describes importing the admin client certificate to the browser (not sure what browser this is referring to, almost sounds like appliance browser (if so don’t know how to do that) only know how to import to client browser. Doesn’t specify if this should be done to trusted source? Is the admin.p12 the one that’s used for the administrator while the one generated by the Create Client side certificates for non-admin users?”
-
Restart Apache with empty password
Part 4:
-
Go to OpenEMR/Other/Certificates
-
Set same Host name and email and Create Client Side SSL Certificate
-
“Import this Certificate to Client browser or Import admin certificate to client browser?”
Thank you for your help.
Henry