SSL Apache configuration under *Nix distribution

In this case you will deal with 3 types of files:

*.csr => This file contains the CSR code that you need to submit to the authority that will issue the certificate. During certificate activation, especially for a wildcard certificate, enter the wildcard name at the Common Name prompt: Common Name (eg, your name or your server's hostname) []:*.domain.tld
*.key => This file is the private key, which is generated when the CSR file is requested. This key is used for decryption during communication between client and server (keep your private key safe and never make it public).
*.crt => The authority issuing the certificate will send you several files such as ServerCA, TrustedCA, CARoot, etc. This is your certificate and is used for validation. These files can be bundled into one file if needed, or the bundle can be downloaded from the registrar.
The SHA-1 hashing algorithm is obsolete; SHA-2 with a 2048-bit key is strongly recommended.
3 steps to install the certificate:

  1. Generate a CSR by running the command below in a terminal: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
  2. Submit the request (the content of server.csr generated at step 1) to the issuer of the certificate.
  3. Once you have received the code, edit the Apache Virtual Host file as follows:

Fedora/CentOS/RHEL: /etc/httpd/conf/httpd.conf

Debian and Debian based: /etc/apache2/apache2.conf

 

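# Accept HTTPS connections on port 443
Listen 443

<VirtualHost _default_:443>
    DocumentRoot "/var/www"
    ServerName *your_domain_name*
    SSLEngine on
    # Certificate issued for your domain
    SSLCertificateFile "/ssl/*your_domain_name*.crt"
    # Private key generated together with the CSR in step 1
    SSLCertificateKeyFile "/ssl/*your_private_key*.key"
    # CA bundle sent by the issuing authority
    SSLCACertificateFile "/ssl/bundle.crt"
</VirtualHost>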
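An added example, not part of the original post: a non-interactive form of step 1 that requests a SHA-256 signature explicitly, then checks the CSR's signature algorithm and key size, that the private key belongs to the CSR, and that the key file is not readable by other users. The common name `*.example.test` and the temporary directory are constructed placeholders.

```shell
#!/bin/sh
# Added example. The CN "*.example.test" and file locations are constructed placeholders.

# Create a 2048-bit RSA key and a SHA-256-signed CSR without interactive prompts.
make_csr() {   # usage: make_csr <common-name> <output-dir>
    mkdir -p "$2" || return 1
    (
        umask 077   # files created below are accessible to their owner only
        openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
            -keyout "$2/server.key" -out "$2/server.csr" 2>/dev/null
    )
}

# Signature algorithm recorded in the CSR (should be a SHA-2 variant, not sha1).
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Public key size in bits as recorded in the CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeeds only if the private key and the CSR carry the same public key.
key_matches_csr() {   # usage: key_matches_csr <key> <csr>
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if group and others have no permissions on the key file.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_csr '*.example.test' "$demo_dir"
echo "signature: $(csr_sig_alg "$demo_dir/server.csr")"
echo "key bits:  $(csr_key_bits "$demo_dir/server.csr")"
key_matches_csr "$demo_dir/server.key" "$demo_dir/server.csr" && echo "key matches CSR"
key_is_private "$demo_dir/server.key" && echo "key is owner-only"
rm -rf "$demo_dir"
```

The same `key_matches_csr` comparison works against the issued certificate if the CSR public key is replaced with the output of `openssl x509 -in <cert> -noout -pubkey`.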

 
