In order to get a valid SSL certificate, you will need to generate a CSR that a certificate signing authority (such as Verisign or Thawte) will request. You have to determine the URL for the secured web site – this should be a Fully Qualified Domain Name (FQDN), i.e. if you want to access your secured website through https:\/\/www.example.com\/, then the FQDN of your website is www.example.com
\nSelect a few large and relatively random files on your server – compressed log files are a good start. These will act as your random seed enhancers. We refer to these as file1:file2:…:file5 below. Generate a key with the following command:<\/p>\n
<\/p>\n
$ openssl genrsa -des3 -out www.example.com.key 1024
\nThis will generate an 1024 bit RSA Private Key and store it in the www.example.key file. This command will also ask you for a pass phrase. Use something secure and remember it – you will need this pass phrase below. You will not be able to use the key or the certificate without the proper pass phrase.
\nGenerate the CSR with the following command:
\n$ openssl req -new -key www.example.com.key \\
\n-out www.example.com.csr
\nThis command will generated a CSR and store it in the www.example.com.csr file. This command will also prompt you for the X.509 attributes of your certificate. Remember to give the name FQDN when prompted for Common Name. The CSR should look something like this:
\n—–BEGIN CERTIFICATE REQUEST—–
\nMIIDRzCCArCgAwIBAgIDH\/IaMA0GCSqGSIb3DQEBBAUAMIHEMQswCQYDVQQGEwJa
\nQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb
\nBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
\naW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENB
\nMSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wNDA0
\nMzAyMjUwMzNaFw0wNTA1MTUwOTIxNTFaMGoxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
\nEwpOZXcgSmVyc2V5MRMwEQYDVQQHEwpIYWNrZW5zYWNrMRcwFQYDVQQKEw5TdXJm
\nWHByZXNzIExMQzEYMBYGA1UEAxMPd3d3LnN
\n—–END CERTIFICATE REQUEST—–
\nYou can submit this CSR to any certificate signing authority.<\/p>\n
Installation
\nWhen you receive your SSL certificate from the certificate signing authority, name it www.example.com.crt and store it in \/home\/www.example.com\/ssl. Then, you need to insert the following in the Appache configuration file at \/etc\/httpd\/httpd.conf: (you need to become root to edit this file)
\nDocumentRoot \/path\/to\/website
\nSSLEngine on
\nSSLCertificateFile \/path\/to\/www.example.com.crt
\nSSLCertificateKeyFile \/path\/to\/www.example.com.de.key
\nWhere xxx.xxx.xxx.xxx is the IP address of the web site.
\nIn order to avoid having to supply the pass phrase everytime the web server restarts, do this:
\n$ openssl rsa -in www.example.com.key \\
\n-out www.example.com.de.key
\nLastly, restart the web server by:
\n# \/etc\/init.d\/httpd stop
\n# \/etc\/init.d\/httpd start<\/p>\n
If you require help, contact SupportPRO Server Admin<\/a><\/p>\n
![\"Server](\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/9d590242-d641-4383-94b4-8cfd62f0af6b.png\")
<\/a><\/span>