Creating CSR and implement in apache – Arun’s blog https://arunns.net Arun's blog Wed, 03 Apr 2013 19:56:21 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.2 Create CSR and implement in apache https://arunns.net/creating-csr-and-implement-in-apache/ https://arunns.net/creating-csr-and-implement-in-apache/#comments Wed, 03 Apr 2013 19:56:21 +0000 http://arunnsblog.com/?p=746 These steps are used to generate a CSR to get the SSL certificate signed with verisign. The filenames used are just examples.

$ /usr/bin/openssl genrsa -rand /dev/urandom -out <web_root>/domain_name.key 2048
$ /usr/bin/openssl req -new -key <web_root>/domain_name.key -out <web_root>/domain_name.csr

Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:<make sure it matches exactly with your domain>
Email Address []:

Create the certificate without passphrase if you dont want passphrase to be prompted for every webserver restart.

Upload the CSR to the Certificate Authority and get the signed certificate and save it as domain_name.crt. If it is from verisign get both intermediate certificates and add it to a file (eg: intermediate.ca.crt)

In virtual host configuration

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-DES-CBC-SHA!EXP-RC2-CBC-MD5!EXP-RC4-MD5

SSLCertificateFile <web_root>/domain_name.crt

SSLCertificateKeyFile <web_root>/domain_name.key

SSLCACertificateFile <web_root>/intermediate.ca.crt

Restart webservice and verify the certificate, you may use the verisign cert checker (https://ssl-tools.verisign.com/#certChecker)

]]> https://arunns.net/creating-csr-and-implement-in-apache/feed/ 1