09 Sep 2010 
Support Center » Knowledgebase » How to generate your RSA & CSR keys for Apache using SSH
 How to generate your RSA & CSR keys for Apache using SSH
Solution

This tutorial will show you how to manually generate your RSA private key and in turn generate your CSR (Certificate Signing Request) for Apache. This is a rather complicated procedure, so if your in any doubt please contact your web hosting provider. FrozenWeb accepts NO responsibility for any damage done to your installation.

Assuming you have apache and openssl installed, you would like to generate and setup an SSL certificate for a domain and generate a CSR.

This tutorial will use www.yourdomain.com as an example, you of course should enter your own domain name.

**PLEASE NOTE** if you wish your visitors to use https://www.yourdomain.com be sure to enter the "www" When generating your key pair. If you wish your visitors to use https://yourdomain.com you must leave out the "www". SSL Certificates may also be installed on sub-domains. If you require this you can use for example secure.yourdomain.com as your domain name / common name.

First login to your server as root via SSH

Generating RSA & CSR (Signing Request)

# cd /etc/httpd/conf/ssl.key

# openssl genrsa -out www.yourdomain.com.key 1024

Generating the CSR using the RSA Private Key you have just generated

# cd /etc/httpd/conf/ssl.csr

# openssl req -new -key www.yourdomain.com.key -out www.yourdomain.com.csr

You will be asked to enter your Common Name, Organization, Organization Unit, City or Locality, State or Province and Country.
Do not enter these characters '< > ~ ! @ # $ % ^ * / ( ) ?.,&' because they will not be accepted.

Common Name: the domain for the web server (e.g. www.yourdomain.com)
Organization: the name of your organization (e.g. Company Name)
Organization Unit: the section of the organization (e.g. Sales)
City or Locality: the city where your organzation is located (e.g. London)
State or Province: the state / province where your organzation is located (e.g )
Country: the country where your organzation is located (e.g GB) **NOTE the use of GB rather than UK when in the United Kingdom**

You may be asked for a challenge password. You can skip this by just hitting enter

Now you should have:

/etc/httpd/conf/ssl.key/www.yourdomain.com.key
/etc/httpd/conf/ssl.csr/www.yourdomain.com.csr

Make a backup copy of your private key! If you lose it, you will have to purchase a new SSL Certificate!

You can now view your CSR by:

# more www.youromain.com.csr

Copy and paste your CSR into the account manager at https://secure.frozenweb.co.uk and follow the instructions on screen. Once your CSR has been submitted to GeoTrust for validation, it should take no longer than 15min for your account to be updated with your SSL Certificate.

Installing the SSL Certificate for Apache

# cd /etc/httpd/conf/ssl.crt

Copy the certificate from your account into a file called www.yourdomain.com.crt
Open your httpd.conf file and place the following code in your virtualhost

<IfDefine SSL>
<VirtualHost 12.34.56.87:443> **ENTER YOUR OWN DEDICATED IP ADDRESS**
ServerAdmin …your details…
DocumentRoot …your details….
ServerName www.yourdomain.com
SSLEnable
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.yourdomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.yourdomain.com.key
</VirtualHost>
</IfDefine>

Restart apache
# /etc/rc.d/init.d/httpd restart

You should now be able to access https://www.yourdomain.com



Article Details
Article ID: 162
Created On: 22 Nov 2005 09:39 PM

 Back
 Login  
Username:
Password:
Remember Me:
 
 Search
 Article Options
 Print Article
 PDF Version
 Email Article
 Add to Favorites
Home | Submit a Ticket | Knowledgebase | News
Language:

Help Desk Software By Kayako SupportSuite v3.40.01