Make a SSL Certificate Request and Install the Certificate Using Apache on Linux

I used the guides at Verisign and a forum post at Tech Arena.

It’s actually quite easy, you just need to know what commands to type. First you need to set up a virtual host in Apache and put in your content etc. The commands listed below do require some input so just fill in the details correctly.

Generate the private key:

openssl genrsa -des3 -out www.sitename.com.key 1024

Generate the certificate signing request from the private key:

openssl req -new -key www.sitename.com.key -out www.sitename.com.csr

Now send this certificate signing request to your certificate authority with your details (to Verisign/GoDaddy etc). They will send you back a .crt file, which is the certificate you need to install.

If you want to start Apache automatically, without having to enter the passphrase for the private key each time, you will need to do a couple more commands to create an unencrypted key. You can do this earlier but it’s good to have both versions of the key:

mv www.sitename.com.key www.sitename.com.key.has-passphrase
openssl rsa -in www.sitename.com.key.has-passphrase -out www.sitename.com.key

Now put the .crt and .key in a folder and point to them in the apache .conf file of the virtual host e.g.

<VirtualHost ip.add.re.ss:443>
… some config like DocumentRoot , etc..
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.sitename.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.sitename.com.key
</VirtualHost>

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>