How to install SSL certificates on ClearOS

2021-07-20: WikiSuite will now support all major Linux distros. Thus, the information below is no longer updated. It may still be valid, or not. It will be eventually removed from this site, so anything relevant should be moved to the appropriate site. For anything related to ClearOS, please search among the following: ClearOS site, code base, Developer docs, Wiki or forum.

Please contact us if you would like to help out.

You probably want this instead: How to install Let's Encrypt SSL certificates on ClearOS

Instructions below are for a manual install of SSL certificates.

These are instructions to set up with Gandi.net, and the instructions will be similar for any SSL provider. You need to make sure your domain name is set first


Generate CSR

In a safe directory (not web accessible)

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

Do not set a password on your certificate, as this will force you to enter the password every time Apache is restarted.

The generated csr is to be supplied to SSL certificate provider.

SSL certificate provider will then generate and supply 2 or 3 files.

1.1.2. Upload certificates to ClearOS

Upload these files to "System > Settings > Certificate Manager > External Certificates > Add"

ClearOS doesn't support for intermediate certificates yet, so if your SSL provider suggests this, just skip this, and upload the others (Certificate File, Key File and CA File). Don't worry to much though, as this should only affect very old browsers (pre-2010) ClearOS added support.

1.1.3. Configure ClearOS web server to use this SSL

2016 02 28 Ssl Clearos Domain

1.1.4. Test your SSL certificate


1.1.5. Configure Openfire to use this SSL

Please see how to configure SSL for Openfire

Future improvements in ClearOS

  • Add support for intermediate certificates. Ref: https://tracker.clearos.com/view.php?id=7491 done
  • Improve ClearOS to get CSR from the GUI so it becomes ( see also: https://tracker.clearos.com/view.php?id=7921 )
    1. Set domain name, city, etc. via ClearOS gui
    2. Find CSR on ClearOS server and make a copy of all important files (because if you change via GUI, they will be over written)
    3. Use that CSR to make SSL via Gandi (or other SSL provider)
    4. Upload files from SSL provider to ClearOS's GUI
    5. Set ClearOS web server to use this SSL
    6. Configure Openfire to use this SSL