These steps are used to generate a CSR to get the SSL certificate signed with verisign. The filenames used are just examples.
$ /usr/bin/openssl genrsa -rand /dev/urandom -out <web_root>/domain_name.key 2048
$ /usr/bin/openssl req -new -key <web_root>/domain_name.key -out <web_root>/domain_name.csrCountry Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:<make sure it matches exactly with your domain>
Email Address []:
Create the certificate without passphrase if you dont want passphrase to be prompted for every webserver restart.
Upload the CSR to the Certificate Authority and get the signed certificate and save it as domain_name.crt. If it is from verisign get both intermediate certificates and add it to a file (eg: intermediate.ca.crt)
In virtual host configuration
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-DES-CBC-SHA!EXP-RC2-CBC-MD5!EXP-RC4-MD5
SSLCertificateFile <web_root>/domain_name.crt
SSLCertificateKeyFile <web_root>/domain_name.key
SSLCACertificateFile <web_root>/intermediate.ca.crt
Restart webservice and verify the certificate, you may use the verisign cert checker (https://ssl-tools.verisign.com/#certChecker)
Leave a Reply