Apache prerequisite configuration

To enable Trust Protection Platform to provision certificates on Apache application servers, you must complete the following procedure.

NOTE  If you want to configure remote key generation using an HSM, you must activate Venafi Advanced Key Protect, an optional add-on feature to Venafi Trust Protection Platform. For more information, see Venafi Advanced Key Protect.

To enable Trust Protection Platform to provision certificates on Apache application servers

  1. Configure SSL on the server.

    To use SSL with your Apache web server, you must have ModSSL and OpenSSL installed on your Apache server.

    IMPORTANT  Before Trust Protection Platform can manage certificates on an Apache application server installed on Linux or Windows, you must enable SSL on the server. This procedure can vary, depending on whether or not you want Trust Protection Platform to provision your certificates. Refer to your Apache, Linux, or Windows documentation for more information.

  2. (Conditional) If the Apache application server installed on Linux or Windows has secure virtual hosts, provide an IP address for each.

    Trust Protection Platform supports both IPv4 or IPv6 connections.

    Because SSL does not support name-based virtual hosts, SSL cannot be configured on name-based virtual hosts unless these virtual hosts use different SSL ports.

    For more information, see your Apache, Linux, or Windows documentation.

  3. Grant the following permissions to the user account that Trust Protection Platform uses to authenticate to the Apache application server on Linux or Windows:

    • Read and Write access to the certificate, private key, and root certificate chain directories. These directories are defined in the Apache Application object. For more information, see Creating an Apache application object.
    • Read and Write access to the temp Directory defined in the Device object. For more information, see Managing device objects.

  4. Open the SSH port.

    Trust Protection Platform uses the Secure Shell (SSH) protocol to manage certificates on an Apache application server installed on Linux or Windows; therefore, Trust Protection Platform must have access to the web server’s SSH port. The default SSH port is port 22.

  5. In Policy Tree, create a Device object for the Linux or Windows server where the Apache application is installed.

    For more information, see Managing device objects.

  6. In Policy Tree, create and configure an Apache application object for the Apache application server installed on Linux or Windows.

    For more information on creating Application objects, see Managing application objects. For details on the object’s settings, see Creating an Apache application object.

  7. In Policy Tree, associate the Apache application object with the certificates installed on the Linux or Windows server.

    For more information, see Associating certificates with applications.