Creating and Installing SSL Certs via SSH

Certificate Signing Request (CSR)

Apache + OpenSSL

Log in as root
cd /usr/bin/ (/your path to openssl/)
openssl genrsa -des3 -out <name_of_your_certificate>.key 1024

You will need to enter a passphrase for your key here, and then enter it again in the next step.

openssl req -new -key <name_of_your_certificate>.key -out <name_of_your_certificate>.csr

At this point you’ll have to enter information about the site/owner of the SSL cert. Keep in mind that the common name (CN) is actually the address of the site (without http://, etc.), and that each cert is only for one host. For example, yoursite.com is not the same as www.yoursite.com. Some certs can be created with multiple/alternative common names.

You’ll need the contents of the CSR file to create the cert on GoDaddy or whichever cert site you’re using. Either download the file, or open it in vi and copy and paste the contents.

Installing SSL Certificate and the Intermediate Certificate

Once you’ve gotten the actual certs from the cert site (CRT files), you’ll need to upload them onto the server. You can put them wherever you want, but try to keep things organized because you’ll need to reference them later.

Next you’ll need to edit your conf files. In Apache 1.x this will be httpd.conf; in Apache2 it will most likely be ssl.conf (or some variation thereof). If the server is using virtual hosts, there will be either separate conf files for each host, or separate entries for each host within ssl.conf or httpd.conf.
Either add or uncomment these lines:

SSLCertificateFile /path/to/your/certificate/file

This is the CRT file provided by the cert site.

SSLCertificateKeyFile /path/to/your/key/file

This is the KEY file you created previously.

SSLCertificateChainFile /path/to/intermediate/bundle/file

This is an intermediate CRT file, also provided by the cert site. It is only required by certain cert providers.

Server Restart

Next you’ll need to restart the web server. This can be done in numerous ways, but if you need to restart via SSH, use the command:

apachectl -k graceful

This will restart the server and also allow any connections currently in place to finish. You may need to perform the restart twice, and enter the passphrase that you created your original key file with.
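Before the restart, it helps to confirm that the CRT from the cert site carries the same public key as the KEY file named in SSLCertificateKeyFile, since a mismatch stops Apache from starting with SSL. The script below is an added example, not part of the original post: it runs the key, CSR and certificate steps in a temp directory and compares the public keys. Assumptions: the file names and the KEY_PASS passphrase variable are constructed, a self-signed certificate stands in for the one the cert site returns, and it uses a 2048-bit key with -aes256 (the minimum size public CAs accept today) instead of the 1024-bit -des3 key shown above.

```shell
#!/bin/sh
# Added example. File names, the subject and KEY_PASS are constructed placeholders.

# Print the PEM public key held in a private key, CSR or certificate.
# $1 = key|csr|cert, $2 = file. The key passphrase is read from $KEY_PASS.
pubkey_of() {
    case $1 in
        key)  openssl pkey -in "$2" -passin env:KEY_PASS -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files carry the same, non-empty public key.
# Usage: same_keypair key site.key cert site.crt
same_keypair() {
    a=$(pubkey_of "$1" "$2") || return 1
    b=$(pubkey_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed end-to-end run in a temp dir: key -> CSR -> certificate.
# A self-signed certificate stands in for the CRT the cert site returns.
demo() {
    d=$(mktemp -d) || return 1
    KEY_PASS='constructed-demo-passphrase'; export KEY_PASS
    {
        openssl genrsa -aes256 -passout env:KEY_PASS -out "$d/site.key" 2048 &&
        openssl req -new -key "$d/site.key" -passin env:KEY_PASS \
            -subj "/CN=www.yoursite.com" -out "$d/site.csr" &&
        openssl x509 -req -in "$d/site.csr" -signkey "$d/site.key" \
            -passin env:KEY_PASS -days 1 -out "$d/site.crt" &&
        openssl genrsa -out "$d/other.key" 2048   # unrelated key
    } >/dev/null 2>&1 &&
    same_keypair key "$d/site.key" csr  "$d/site.csr" &&
    same_keypair key "$d/site.key" cert "$d/site.crt" &&
    ! same_keypair key "$d/other.key" cert "$d/site.crt"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "key, CSR and certificate match; unrelated key rejected"
```

On a real server, export KEY_PASS with the key's passphrase and call same_keypair with the paths from SSLCertificateKeyFile and SSLCertificateFile.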

About Lance Cleveland

I started my high-tech career in the early 80's as a computer technician. I became a lead engineer at a Boston area database company a few years later. When the Internet was just starting to show up on people's radar I quit my corner-office job and founded ProActive Web Marketing, my first start up company. That was the genesis of several successful start up companies including Time Magazine award winner The Lobster Net. After brief retirement in my mid-30s I co-founded the software consulting firm, Cyber Sprocket Labs. In addition to being "man of all hats" at Charleston Software Associates, I currently serve on the board or as technical adviser for several companies including Musiplicity, Model Locate, and Advanced Media Ltd. In the past I consulted for Data General, Kimberly Clark, Kraft, Philip Morris, Rich Foods, Telefonica, Arbitron, and a half-dozen other Fortune 500 companies. I've appeared as a keynote speaker for the USVI Economic Development Summit, showed up as a lead interviewee for Microsoft infomercials, and have been a cited performance advertising, Internet retail, and cybercrime expert in The Wall Street Journal and New York Times. I currently spend most of my time hanging with friends & family while hacking WordPress plugins.

Code geek. Dad. Husband. Rum Lover. Not necessarily in that order.