Internal Installing Apache SSL Certs

From GrandCare Systems

Revision as of 20:09, 4 January 2013 by Tmosey (talk | contribs) (Dumping instructions)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Load StartSSL trusted login cert into browser

Login and choose the certificate wizard (verify domain if required)

Skip automatic cert generation in the wizard

SSH into the server and run in /etc/ssl

wget https://www.startssl.com/certs/ca.pem

wget https://www.startssl.com/certs/sub.class1.server.ca.pem

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Set the server domain name for CN

Copy server.csr into StartSSL's Cert Wizard

Wait for verification

Follow the instructions in the email and create server.crt

Rename the server.key and server.crt to the common name

Modify /etc/ssl/apache.conf to read like this

SSLEngine On

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

SSLCertificateChainFile /etc/ssl/sub.class1.server.ca.pem

SSLCACertificateFile /etc/ssl/ca.pem

SSLCertificateFile /etc/ssl/certs/<common name>.crt

SSLCertificateKeyFile /etc/ssl/private/<common name>.key

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

Restart the apache server daemon

Retrieved from "https://help.grandcare.com/index.php?title=Internal_Installing_Apache_SSL_Certs&oldid=3044"