Internal Installing Apache SSL Certs

From GrandCare Systems

Revision as of 20:22, 4 January 2013 by Tmosey (talk | contribs) (Formatting)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Load StartSSL trusted login cert into browser (Located on Password Gorilla)

Login and choose the certificate wizard (verify domain if required)

Skip automatic cert generation in the wizard

SSH into the server and run in /etc/ssl

wget https://www.startssl.com/certs/ca.pem

wget https://www.startssl.com/certs/sub.class1.server.ca.pem\

Generate the request

openssl req -new -newkey rsa:2048 -nodes -keyout fqdn.key -out fqdn.csr

Set the server domain name for CN

Copy server.csr into StartSSL's Cert Wizard

Wait for verification (check support mailing list)

Follow the instructions in the email and create fqdn.crt

Rename the fqdn.key and fqdn.crt to the common name

Modify /etc/ssl/apache.conf to read like this

SSLEngine On

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

SSLCertificateChainFile /etc/ssl/sub.class1.server.ca.pem

SSLCACertificateFile /etc/ssl/ca.pem

SSLCertificateFile /etc/ssl/certs/<common name>.crt

SSLCertificateKeyFile /etc/ssl/private/<common name>.key

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

Restart the apache server daemon

/etc/init.d/apache2 restart

Retrieved from "https://help.grandcare.com/index.php?title=Internal_Installing_Apache_SSL_Certs&oldid=3052"