Difference between revisions of "Internal Installing Apache SSL Certs"
Jump to navigation
Jump to search
Line 32: | Line 32: | ||
==== Notes ==== | ==== Notes ==== | ||
Copy the | Copy the private key to Password Gorilla |
Revision as of 20:34, 4 January 2013
- Load StartSSL trusted login cert into browser (Located on Password Gorilla)
- Login and choose the certificate wizard (verify domain if required)
- Skip automatic cert generation in the wizard
- SSH into the server and run in /etc/ssl
wget https://www.startssl.com/certs/ca.pem wget https://www.startssl.com/certs/sub.class1.server.ca.pem
- Generate the request
openssl req -new -newkey rsa:2048 -nodes -keyout fqdn.key -out fqdn.csr
- Set the server domain name for CN
- Copy server.csr into StartSSL's Cert Wizard
- Wait for verification (check support mailing list)
- Follow the instructions in the email and create fqdn.crt
- Rename the fqdn.key and fqdn.crt to the common name
- Modify /etc/ssl/apache.conf to read like this
SSLEngine On SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM SSLCertificateChainFile /etc/ssl/sub.class1.server.ca.pem SSLCACertificateFile /etc/ssl/ca.pem SSLCertificateFile /etc/ssl/certs/<common name>.crt SSLCertificateKeyFile /etc/ssl/private/<common name>.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
- Restart the apache server daemon
/etc/init.d/apache2 restart
Notes
Copy the private key to Password Gorilla