Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)

Home > User Instructions for Apache

By Digi-Sign
Created Feb 22 2008 - 11:55

User Instructions for Apache

Apache User Instructions

PDF [1] All instructions to the DSSA™ in the Linux® environment use command prompts. Due to the simplistic functions of the DSSA™, once installed and initialised, there are very few commands that can be executed.


Important note: There is no command prompt to renew an existing SSL on the server. DSSA™ automatically detects all existing SSLs on the server and automatically renews these unless instructed to the contrary. Therefore, by installing DSSA™ you must ensure that you want all the SSLs on the system to be renewed automatically. To disable a specific SSL, use the ‘Disable’ command (see sub section 5.1.1.3

This limited set of commands not only makes the DSSA™ simple to use, it also make the application more secure. Any attempt to send unrecognised or incorrectly constructed command prompts are simply rejected by the DSSA™. The following are the correct command prompt instructions for the main DSSA™ functions:

  • List_All
  • To view all of the SSLs installed on the particular machine, follow these instructions:

    Change working directory:

    cd /usr/local/dssa/bin

    ./dssa -list_all

    This will provide you with a list of all the SSLs on the system, regardless of their life cycle status (i.e. currently valid and in date, expired and out of date, revoked, etc). Here is a sample list and explanations for each one:

    >www.domain-one.com –v SSL is valid and in date
    >www.domain-two.com –v
    >www.domain-three.com –e SSL has expired
    >www.domain-four.com –r SSL was revoked by DSSA™ command prompt
    >www.domain-one.com –v
    >www.domain-one.com –d DSSA™ disabled for this hostname and will not be renewed until enabled again

    Important Note: The DSSA™ will only automatically renew SSLs that are valid at the exact time that the DSSA™ is installed and initialized. To enable the DSSA™ to replace an expired SSL with a new SSL, use the ‘Renew’ command prompt.

  • Add_New Renew
  • To add a new SSL to the server, type the following commands:

    Change working directory:

    cd /usr/local/dssa/bin

    ./dssa -req -new -config-section [virtual_host_name:port] -cn [www.domain.com]

  • Disable Renew
  • To disable the renewal of an existing SSL on the server, type the following commands:

    Change working directory:

    cd /usr/local/dssa/bin

    ./dssa -disable-ssl -config-section [virtual_host_name:port]

  • Enable Renew
  • To enable the renewal of an existing SSL on the server that was previously disabled or had expired prior to the installation of the DSSA™, type the following commands:

    Change working directory:

    cd /usr/local/dssa/bin

    ./dssa -enable-ssl -config-section [virtual_host_name:port]

  • Renew
  • To force an immediate renewal of an existing SSL on the server, use the following commands:

    Change working directory:

    cd /usr/local/dssa/bin

    ./dssa ./dssa -req -renew -config-section [virtual_host_name:port]

  • AACD™

Source URL: http://www2.digi-sign.com/aacd/dssa/apache%20instructions

Links:
[1] https://www.digi-sign.com/downloads/download.php?id=aacd-digi-ssl-pdf