Part 1 – Generate CSR & Obtain Certifcate

  1. Create the CSR
    • openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
  1. Fill in information
    • Common Name: The fully-qualified domain name, or URL, you’re securing.
    • If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *
    • Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.
    • Organization Unit: If applicable, enter the DBA (doing business as) name.
    • City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
    • State or Province: Name of the state or province where your organization is located. Do not abbreviate.
    • Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
  1. Paste the given CSR into the SSL Request Form (enom, godaddy, etc)
  2. Verify the ownership of the domain via email that you will receive from SSL issuer

Part 2 – Install the SSL Certificate

  1. Place the key, cert, and ca-bundle into the SSL folder
    1. mkdir /etc/httpd/ssl.crt
    2. mkdir /etc/httpd/ssl.key
    3. mkdir /etc/httpd/ca-bundle
    4. chmod 600 /etc/httpd/ssl.key
    5. /etc/httpd/ssl.key/
    6. chmod 600 /etc/httpd/ssl.key/
    7. vim /etc/httpd/ssl.crt/
      • Paste cert here
    8. vim /etc/httpd/ca-bundle/ca-chain.pem
      • You will need to grab this from the issuer of your SSL Certificate
  1. Add the key, cert, and ca-bundle to the Apache Configuration file
    • SSLCertificateFile /etc/httpd/ssl.crt/
    • SSLCertificateKeyFile /etc/httpd/ssl.key/
    • SSLCACertificateFile /etc/httpd/ca-bundle/ca-chain-pem
  1. Verity mod_ssl is installed
    • httpd -M | grep ssl
  1. Verify the config doesn’t contain syntax errors
    • apachectl configtest
  1. Restart Apache
    • service httpd restart

Leave a Reply

Your email address will not be published. Required fields are marked *