To get a valid SSL certificate, you need to generate a certificate signing request (CSR), which a certificate signing authority (such as Verisign or Thawte) will ask for. First determine the URL for the secured web site. This should be a Fully Qualified Domain Name (FQDN): if you want to access your secured website through https://www.example.com/, then the FQDN of your website is www.example.com.
Select a few large and relatively random files on your server – compressed log files are a good start. These will act as your random seed enhancers. We refer to these as file1:file2:…:file5 below. Generate a key with the following command:
$ openssl genrsa -des3 -out www.example.com.key 1024
This will generate a 1024-bit RSA private key and store it in the www.example.com.key file. This command will also ask you for a pass phrase. Use something secure and remember it: you will need this pass phrase below. You will not be able to use the key or the certificate without the proper pass phrase.
Generate the CSR with the following command:
$ openssl req -new -key www.example.com.key \
-out www.example.com.csr
This command will generate a CSR and store it in the www.example.com.csr file. It will also prompt you for the X.509 attributes of your certificate. Remember to give the FQDN when prompted for Common Name. The CSR should look something like this:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
You can submit this CSR to any certificate signing authority.
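The checks below are an added example, not part of the original instructions: they confirm that the CSR was generated from the intended key, that its Common Name is the FQDN, that the key is large enough, and that the key file is not readable by other users. The function names and the MIN_BITS threshold of 2048 are assumptions of this example, and the key file is assumed to be one openssl can read without prompting.

```shell
#!/bin/sh
# Added example: sanity checks on the key and CSR before the CSR goes to a CA.
MIN_BITS=2048   # assumption: smallest RSA size accepted; set to your CA's policy

pub_of() {      # $1 = key|csr|crt, $2 = file; prints the embedded public key (PEM)
  case "$1" in
    key) openssl pkey -in "$2" -pubout ;;
    csr) openssl req  -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

same_keypair() {  # $1 kind, $2 file, $3 kind, $4 file; true if public keys match
  a=$(pub_of "$1" "$2") && b=$(pub_of "$3" "$4") && [ -n "$a" ] && [ "$a" = "$b" ]
}

csr_cn() {      # Common Name the CA will see in the request
  openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
    sed -n 's/^ *commonName *= *//p'
}

csr_bits() {    # size in bits of the public key carried by the request
  openssl req -in "$1" -noout -text 2>/dev/null |
    sed -n 's/^.*Public-Key: (\([0-9]*\) bit.*$/\1/p'
}

key_is_private() {  # true if group and other have no permissions on the file
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

check_request() {   # $1 = key file, $2 = CSR file, $3 = expected FQDN
  rc=0
  same_keypair key "$1" csr "$2" || { echo "FAIL: CSR was not made from $1"; rc=1; }
  [ "$(csr_cn "$2")" = "$3" ]    || { echo "FAIL: Common Name is not $3"; rc=1; }
  [ "$(csr_bits "$2")" -ge "$MIN_BITS" ] 2>/dev/null ||
    { echo "FAIL: key is shorter than $MIN_BITS bits"; rc=1; }
  key_is_private "$1"            || { echo "FAIL: $1 is accessible to group/other"; rc=1; }
  return $rc
}

# Run the checks when called with: <key file> <CSR file> <FQDN>
if [ $# -eq 3 ]; then check_request "$@"; fi
```

Saved as a script, it takes the key file, the CSR file and the FQDN as arguments; a key generated with 1024 as above is reported as too short under this threshold. Once the certificate arrives, `same_keypair key www.example.com.de.key crt www.example.com.crt` confirms it belongs to the key Apache will load.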
Installation
When you receive your SSL certificate from the certificate signing authority, name it www.example.com.crt and store it in /home/www.example.com/ssl. Then insert the following in the Apache configuration file at /etc/httpd/httpd.conf (you need to become root to edit this file):
<VirtualHost xxx.xxx.xxx.xxx:443>
DocumentRoot /path/to/website
SSLEngine on
SSLCertificateFile /path/to/www.example.com.crt
SSLCertificateKeyFile /path/to/www.example.com.de.key
</VirtualHost>
Where xxx.xxx.xxx.xxx is the IP address of the web site.
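To avoid having to supply the pass phrase every time the web server restarts, write out a copy of the key without the pass phrase (the resulting www.example.com.de.key is stored unencrypted, so restrict its file permissions):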
$ openssl rsa -in www.example.com.key \
-out www.example.com.de.key
Lastly, restart the web server:
# /etc/init.d/httpd stop
# /etc/init.d/httpd start