-
Create an SSL key to use to generate the certificate signing request
(Save this, you’ll need it to install the certificate). To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:
openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.....................++++++
.................++++++
unable to write 'random state'
e is 65537 (0x10001)
Enter pass phrase for server.key:
Now we’ll remove the passphrase from the key, so that you don’t have to enter this passphrase whenever you restart Apache:
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
-
Generate a certificate signing request
openssl req -new -key server.key -out server.csr
You can now submit this CSR file to a Certificate Authority (CA) for processing. The CA will use this CSR file and issue the certificate.
-
Purchase an SSL certificate
You will be asked to supply the CSR that you generated in #2.
-
Install the SSL key from #1, the SSL certificate from #3, and the SSL issuer root certificates (aka “bundle” or “chain”).
On an Ubuntu server, I usually upload the files here:
/etc/apache2/ssl/domain.com.key
/etc/apache2/ssl/domain.com.crt
/etc/apache2/ssl/domain.com.bundle
-
Modify your Apache vhost
Note: Apache only supports one SSL vhost per IP address.
Replace {ip_address} with the public IP address of the server:
<VirtualHost {ip_address}:443>
    DocumentRoot /var/www/vhosts/domain.com
    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile /etc/apache2/ssl/domain.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/domain.com.key
    SSLCertificateChainFile /etc/apache2/ssl/domain.com.bundle
    <Directory /var/www/vhosts/domain.com>
        AllowOverride All
        order allow,deny
        allow from all
        Options -Includes -ExecCGI
        AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml application/x-javascript
    </Directory>
</VirtualHost>
-
Restart Apache
/etc/init.d/apache2 restart
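Before the restart, the key and certificate can be checked from the same shell. The script below is an added example, not part of the original post, and its function names are made up for illustration. It confirms that the key has no passphrase, that only its owner can access it (the only protection left once the passphrase is stripped), that it is at least 2048 bits (the minimum public CAs accept for RSA, which the 1024-bit key from the first step does not meet), and that the certificate was issued for that key.

```sh
#!/bin/sh
# Added example: pre-install checks for the key (step 1) and certificate (step 3).
# Usage (script name is hypothetical): sh check-ssl.sh domain.com.key domain.com.crt

# Succeeds if the PEM key is still passphrase-protected (either PEM layout).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# With the passphrase removed, file permissions are all that protect the key:
# require owner-read and no access at all for group or other.
key_perms_ok() {
    case "$(ls -ldL "$1" 2>/dev/null)" in
        -r??------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print the RSA modulus size in bits (empty if the key cannot be read).
key_bits() {
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Succeeds only if the certificate carries the public half of this key.
cert_matches_key() {
    _k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    _c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Run every check, report each failure, return non-zero if any failed.
preinstall_check() {
    fail=0
    if key_is_encrypted "$1"; then
        echo "FAIL: $1 still has a passphrase"; fail=1
    fi
    key_perms_ok "$1" || { echo "FAIL: $1 is not owner-only (chmod 600)"; fail=1; }
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: RSA key is ${bits:-unknown} bits, need 2048+"; fail=1; }
    cert_matches_key "$1" "$2" || { echo "FAIL: $2 does not match $1"; fail=1; }
    [ "$fail" -eq 0 ] && echo "OK: $1 and $2 are ready to install"
    return "$fail"
}

if [ "$#" -ge 2 ]; then preinstall_check "$1" "$2"; fi
```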
Tuesday, 26 June 2012
How to install an SSL certificate for Apache, from start to finish