An SSL certificate is necessary for more than just distributing the public key: if it is signed by a trusted third party, it verifies the identity of the server, so clients know they aren’t sending their information (encrypted or not) to the wrong person. So what is a self-signed certificate? It is a certificate that is signed by itself rather than by a trusted third party. This is not a good idea for most business use cases. You will almost never want to use a self-signed certificate on a public Apache server that requires anonymous visitors to connect to your site, because they could easily become victims of a man-in-the-middle attack. There are a limited number of situations in which a self-signed certificate may prove adequate:

...

In other words, when deploying your SoftNAS server into an enterprise use case, it may be required (or at least strongly recommended) that you replace the default self-signed certificates with your own enterprise certificates.

Purpose

This article provides the steps required to install your own certificates on your SoftNAS instance.

Resolution

If you want to send or receive messages signed by root authorities and these authorities are not installed on the server, you must add a trusted root certificate manually.

...

vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

Change the path to match where the certificate file is stored. If you've used the method above it will be:

SSLCertificateFile /etc/pki/tls/certs/ca.crt

Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Save the file and quit the editor, then restart Apache.

service httpd restart
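
Before the restart above, it is worth confirming that the certificate and key named in ssl.conf actually belong together, since a mismatched pair stops Apache from starting. The script below is an added example, not part of the original SoftNAS article: the function names check_pair and safe_restart are hypothetical, and it assumes openssl is installed and the private key is not passphrase-protected.

```shell
#!/bin/sh
# Added example (not from the original article): pre-restart checks for the
# certificate/key pair. Default paths are the ones used on this page.

# check_pair [CERT] [KEY]
# Returns 0 if the pair is usable, otherwise:
#   1 = key does not match certificate   2 = file unreadable or unparsable
#   3 = certificate already expired      4 = key readable by group/others
check_pair() {
    crt=${1:-/etc/pki/tls/certs/ca.crt}
    key=${2:-/etc/pki/tls/private/ca.key}

    # Extract the public key from each file in the same PEM form.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $crt" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key: $key" >&2; return 2; }

    # The pair matches only if both files carry the same public key.
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 1
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired: $crt" >&2; return 3; }

    # Characters 5-10 of the mode string are the group and other bits;
    # a private key should grant neither any access.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "private key is accessible to group/others: $key" >&2; return 4; }

    return 0
}

# safe_restart [CERT] [KEY]
# Restart Apache only if the pair checks out and the configuration parses.
safe_restart() {
    check_pair "$@" || return $?
    apachectl configtest || return 5
    service httpd restart
}
```

Run safe_restart as root in place of the bare restart; a non-zero return code identifies which check failed.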

Notes/Additional Info:

  • It is HIGHLY recommended to add the certificates before configuring replication to avoid any SnapReplicate™ interruption, as changing the keys will deactivate replication.
  • In case there is a need to change the keys after configuring SnapReplicate™:

...