Internal Installing Apache SSL Certs

From GrandCare Systems
Revision as of 20:09, 4 January 2013 by Tmosey (Dumping instructions)
  • Load the StartSSL trusted login certificate into the browser
  • Log in and choose the certificate wizard (verify the domain if required)
  • Skip automatic certificate generation in the wizard
  • SSH into the server and run the following in /etc/ssl:

wget https://www.startssl.com/certs/ca.pem

wget https://www.startssl.com/certs/sub.class1.server.ca.pem

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

  • Set the server's domain name as the CN
  • Copy server.csr into StartSSL's Cert Wizard
  • Wait for verification
  • Follow the instructions in the email and create server.crt
  • Rename server.key and server.crt after the common name (<common name>.key and <common name>.crt)
  • Modify /etc/ssl/apache.conf to read like this:

SSLEngine On

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

SSLCertificateChainFile /etc/ssl/sub.class1.server.ca.pem

SSLCACertificateFile /etc/ssl/ca.pem

SSLCertificateFile /etc/ssl/certs/<common name>.crt

SSLCertificateKeyFile /etc/ssl/private/<common name>.key

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

  • Restart the Apache server daemon
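
A check to run before restarting Apache, added here as an example and not part of the original wiki page: it confirms that the private key matches the issued certificate, that the certificate chains to ca.pem through sub.class1.server.ca.pem, and that the key (left unencrypted by -nodes) is not readable by group or others. The function names are hypothetical; the paths are the ones used in apache.conf above.

```shell
#!/bin/sh
# Pre-restart checks for the files produced by the steps above.
# Function names are illustrative; paths come from the apache.conf on this page.

# True when the public key inside the certificate is the one derived from the key file.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# True when the certificate ($3) verifies against the root ($1) via the intermediate ($2).
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

# True when the key file has no group or other permission bits set.
key_not_shared() {
    case $(ls -ld "$1" 2>/dev/null | cut -c5-10) in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# Run all three checks for one common name and report every failure.
check_install() {
    cn=$1
    rc=0
    key=/etc/ssl/private/$cn.key
    crt=/etc/ssl/certs/$cn.crt
    key_matches_cert "$key" "$crt" ||
        { echo "FAIL: $key does not match $crt"; rc=1; }
    chain_verifies /etc/ssl/ca.pem /etc/ssl/sub.class1.server.ca.pem "$crt" ||
        { echo "FAIL: $crt does not chain to /etc/ssl/ca.pem"; rc=1; }
    key_not_shared "$key" ||
        { echo "FAIL: $key is accessible to group or others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cn"
    return "$rc"
}

# Usage: sh check.sh <common name>
if [ "$#" -eq 1 ]; then
    check_install "$1"
fi
```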