Internal Installing Apache SSL Certs

From GrandCare Systems

Jump to navigation Jump to search

Load StartSSL trusted login cert into browser (Located on Password Gorilla)
Login and choose the certificate wizard (verify domain if required)
Skip automatic cert generation in the wizard
SSH into the server and run in /etc/ssl

wget https://www.startssl.com/certs/ca.pem
wget https://www.startssl.com/certs/sub.class1.server.ca.pem

Generate the request

openssl req -new -newkey rsa:2048 -nodes -keyout fqdn.key -out fqdn.csr

Set the server domain name for CN
Copy server.csr into StartSSL's Cert Wizard
Wait for verification (check support mailing list)
Follow the instructions in the email and create fqdn.crt
Rename the fqdn.key and fqdn.crt to the common name
Modify /etc/ssl/apache.conf to read like this

SSLEngine On
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateChainFile /etc/ssl/sub.class1.server.ca.pem
SSLCACertificateFile /etc/ssl/ca.pem
SSLCertificateFile /etc/ssl/certs/fqdn.crt
SSLCertificateKeyFile /etc/ssl/private/fqdn.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

Restart the apache server daemon

/etc/init.d/apache2 restart

Notes

Copy the private key to Password Gorilla

Retrieved from "https://help.grandcare.com/index.php?title=Internal_Installing_Apache_SSL_Certs&oldid=6026"