Difference between revisions of "SSL Certificate"

Revision as of 14:06, 16 July 2012

An SSL certificate is required for a secure connection to the web server. Your URL will be prefixed with https:// instead of http://

Generate Certificate request file

If you want to install an SSL certificate you will need to generate a private key and a certificate request file (.CSR). Login as root to the server and create the folder:

/etc/apache2/ssl</pr>

Run command:

<pre>openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

where server is the name of your server.

This begins the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache openssl.

When you are prompted for the Common Name (domain name), enter the fully qualified domain name for the site you are securing. If you are generating an Apache CSR for a Wildcard SSL Certificate your common name should start with an asterisk (such as *.example.com).

You will then be prompted for your organizational information, beginning with geographic information. There may be default information set already. Don't set a challenge password.

This will then create your openssl .csr file which you can use to order your certificate.

Installing the certificate

To enable the SSL module for apache run the command:

a2enmod ssl

Then make a new virtual host file:

cp /etc/apache2/sites-enabled/000-default /etc/apache2/sites-enabled/001-ssl

Edit the new file to and change the port number on top:

<VirtualHost *:443>

At the end just before </VirtualHost> add:

SSLEngine On
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCACertificateFile /etc/apache2/ssl/CAroot.crt

You should get the server.crt and CARoot.crt from the SSL authority.