Difference between revisions of "Internal Installing Apache SSL Certs"

From GrandCare Systems
(Formatting)
Revision as of 20:22, 4 January 2013

  • Load StartSSL trusted login cert into browser (Located on Password Gorilla)
  • Login and choose the certificate wizard (verify domain if required)
  • Skip automatic cert generation in the wizard
  • SSH into the server and run in /etc/ssl

wget https://www.startssl.com/certs/ca.pem

wget https://www.startssl.com/certs/sub.class1.server.ca.pem

  • Generate the request

openssl req -new -newkey rsa:2048 -nodes -keyout fqdn.key -out fqdn.csr

  • Set the server domain name for CN
  • Copy server.csr into StartSSL's Cert Wizard
  • Wait for verification (check support mailing list)
  • Follow the instructions in the email and create fqdn.crt
  • Rename the fqdn.key and fqdn.crt to the common name
  • Modify /etc/ssl/apache.conf to read like this

SSLEngine On

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

SSLCertificateChainFile /etc/ssl/sub.class1.server.ca.pem

SSLCACertificateFile /etc/ssl/ca.pem

SSLCertificateFile /etc/ssl/certs/<common name>.crt

SSLCertificateKeyFile /etc/ssl/private/<common name>.key

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

  • Restart the Apache server daemon

/etc/init.d/apache2 restart
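Before the restart step, it is worth confirming that the files the apache.conf block points at actually fit together, since a key/certificate mismatch or a broken chain only shows up once Apache fails to start or browsers reject the site. The following check script is an added example, not part of the GrandCare page; it assumes the file layout used above (renamed key and cert under /etc/ssl/private and /etc/ssl/certs, StartSSL's sub.class1.server.ca.pem and ca.pem in /etc/ssl) and that the openssl command-line tool is installed:

```shell
#!/bin/sh
# Sanity-check the files that /etc/ssl/apache.conf refers to before
# restarting Apache: the private key must match the certificate, the
# certificate must chain through sub.class1.server.ca.pem to ca.pem
# (mirroring SSLCertificateChainFile / SSLCACertificateFile), the subject
# CN must be the common name the files were renamed to, and the key file
# must not be readable by other users.
# Usage: check_ssl_files <common name> [ssl dir, default /etc/ssl]
check_ssl_files() {
    cn="$1"
    ssl_dir="${2:-/etc/ssl}"
    crt="$ssl_dir/certs/$cn.crt"
    key="$ssl_dir/private/$cn.key"
    chain="$ssl_dir/sub.class1.server.ca.pem"
    root="$ssl_dir/ca.pem"

    for f in "$crt" "$key" "$chain" "$root"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # The key must belong to the certificate: compare the RSA moduli.
    crt_mod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null)
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null)
    [ -n "$crt_mod" ] && [ "$crt_mod" = "$key_mod" ] ||
        { echo "private key does not match certificate" >&2; return 1; }

    # The leaf must verify via the intermediate up to the root CA.
    openssl verify -CAfile "$root" -untrusted "$chain" "$crt" >/dev/null 2>&1 ||
        { echo "certificate does not chain to $root" >&2; return 1; }

    # The subject CN must equal the name the files were renamed to
    # (both "CN = x" and "/CN=x" subject formats are accepted).
    openssl x509 -noout -subject -in "$crt" | grep -Eq "CN ?= ?$cn(,|/|$)" ||
        { echo "certificate CN is not $cn" >&2; return 1; }

    # Group and other permission bits on the key file must all be off.
    case "$(ls -ld "$key" | cut -c5-10)" in
        *[rwx]*) echo "$key is readable by group or others" >&2; return 1 ;;
    esac
    echo "ok: $crt, $key and the StartSSL chain are consistent"
}

# Run directly as: sh check_ssl_files.sh <common name> [ssl dir]
if [ "$#" -ge 1 ]; then check_ssl_files "$@"; fi
```

Follow it with `apache2ctl configtest` to catch syntax errors in apache.conf before the restart. Note that `SSLProtocol all -SSLv2` still permits SSLv3 and the cipher string prefers RC4; both have since been deprecated, so a current deployment should disable them.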