Apache HTTP Server
SecTrail CM establishes agent-less connections to Apache HTTP Servers to enable automatic deployment and renewal of SSL certificates.
Connection Requirementsβ
| Requirement | Detail | Description |
|---|---|---|
| Protocol | SSH (Secure Shell) | Secure remote connection protocol |
| Port | 22 | Standard SSH port or custom port |
| Authentication | SSH Key or Password | Authentication with SSH key or password |
| User Permission | Configuration read/write permission | Access and edit permission for Apache config files |
Automatic Operationsβ
SecTrail CM automatically performs the following operations on Apache HTTP Server:
- Certificate and Key Upload: Secure transfer of SSL certificate, private key, and chain file
- Configuration Update: Updating Apache VirtualHost SSL directives
- Configuration Test: Syntax check and validation
- Service Reload: Seamless reloading of Apache service
Configuration Stepsβ
1. Create Apache Linux Userβ
Navigate to Automation > Device Users and create a user for Apache.
2. Add Apache Device to SecTrail CMβ
Click Automation > Devices > Add New Device button and enter the following information:
- Name: Give a descriptive name for the device
- Device Users: Select the user you created in Step 1
- IP: Enter the IP address of the Apache server
- Device Type: Select
Apache Linuxfrom the dropdown menu - Become Method: Select privilege escalation method
- Custom Path: Enter the path to the Apache binary file (e.g.,
/usr/sbin/apachectl)
After the Apache device is added to SecTrail CM, IP addresses and ports of all Virtual Hosts defined on the device are automatically included in the discovery period and regularly scanned.
3. View Device Informationβ
After adding a device, it will be displayed in the Automation > Devices list. Click on the row to view device details:
- Port: Ports Apache is listening on (e.g.,
*:443,*:444) - Server Name: VirtualHost server name or
*(all hosts) - Configurations: Apache configuration file path (e.g.,
/etc/httpd/conf.d/cm-ssl.conf) - Others: Current SSL configuration details
- Deploy: For certificate deployment
Certificate Deploymentβ
Step 1: Virtual Host and Certificate Selectionβ
- Select your Apache device from the Automation > Devices section
- In the device details, find the Virtual Host you want to deploy a certificate to
- Click the Deploy button on the relevant row
- In the Deploy Certificate window that opens:
- Virtual Servers: Target Virtual Host information is displayed (IP, port, server name)
- Certificate: Select the certificate you want to deploy from the dropdown menu
Step 2: Start Deployment Processβ
Click the Deploy button to start the certificate deployment process.
Step 3: Process Trackingβ
The deployment process can be tracked from the Automation > Processes section:
Process Detailsβ
The following steps are performed during deployment:
| Step | Process Description |
|---|---|
| 1 | Certificate, key, and chain files are uploaded to the server |
| 2 | Current certificate files are backed up |
| 3 | New certificate configuration is applied |
| 4 | Apache service is reloaded |
Rollback Processβ
If problems occur after certificate deployment, the Manual Rollback feature can be used.
If an error occurs during any step of the deployment process, the system automatically performs the rollback operation and all changes are reverted.
Rollback Stepsβ
- Navigate to Automation > Processes
- Find the process you want to roll back
- Use the Manual-Rollback option in the Status column
- Confirm
Operations During Rollbackβ
| Step | Operation |
|---|---|
| 1 | New configuration is removed |
| 2 | Backed up certificate files are restored |
| 3 | Newly uploaded certificate, key, and chain files are deleted |
| 4 | Apache service is reloaded |