Generate ssl certificate for apache
In below article we will discuss how to generate a csr and generate ssl certificate for apache web server.
1. User can generate a CSR executing the following in the command prompt from ROOT\openssl\bin folder.
openssl req -config openssl.cnf -new –nodes
2. Enter values for Country, State, City, Company Name, Domain Name, E mail Address and a Pass Phrase as shown in the example below.
ROOT\openssl\bin>openssl req -config openssl.cnf -new -nodes Using configuration from openssl.cnf Loading 'screen' into random state - done Generating a 1024 bit RSA private key .............................................................................. ++++ .......++++++ writing new private key to 'privkey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) []: US State or Province Name (full name) []: CALIFORNIA Locality Name (eg, city) []: PALO ALTO Organization Name (eg, company) []: TECHPASTE INC Organizational Unit Name (eg, section) []: PaloAlto Common Name (eg, your websites domain name) []: techpaste.com Email Address []: [email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:
Leave the Challenge Password as blank
3. On completion of the above data input the following CSR file will be generated.
-----BEGIN CERTIFICATE REQUEST----- MIIB7jCCAVcCAQAwga0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDQUxJRk9STklB MRIwEAYDVQQHEwlQQUxPIEFMVE8xFTATBgNVBAoTDE1ldHJpY1N0cmVhbTERMA8G A1UECxMIQ3liZXJjb24xITAfBgNVBAMTGHNuZGt0cmcubWV0cmljc3RyZWFtLmNv bTEoMCYGCSqGSIb3DQEJARYZc3JhbWJhYnVAbWV0cmljc3RyZWFtLmNvbTCBnzAN BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr/zdaLnzKy7uC0w1+ye/D4jrpzgdgzZE UbvR1IoRqjBELvo9bHCSM/46WHk1N/fhxaFj0N4KCkzuvm4xW/lpLKxSVfjdtR56 JQjeccF/pBl+C0V2ZcZ7JIpht4C+VQp2IPOfaGylQKe0gzAOZ0WNJyZq0QJDg0IE aFHKovZ87ZcCAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBAAbqF+FHUK+o6Fojq0gG 7uJv79HvQOY5UxNxyd0YeIu7C53OS7c5OJ6ZTGw5kQljACUYCy9DHYGdvh0/2mli gZfxlx2MWqUvuOqMmn9xs+tWHrBBW0eqgrE6r0/od1PaoF7k0FxFz0PKGxwxyKY6 mMp0jXj54BdR+JTjZ1RShWNS -----END CERTIFICATE REQUEST-----
4. Copy the Certificate portion into a text file (.csr) and place it in the following location ROOT\Apache\conf\ssl.csr(Here we have taken apache as the application which needs to be ssl configured)
5. A private key will be created by the name privkey.pem in the following location. ROOT\openssl\bin
6. Open the privkey.pem file which looks like below and save the code or copy the Certificate portion from privkey.pem into a text file (.key) and place it in the following location ROOT\Apache\conf\ssl.key
-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQCv/N1oufMrLu4LTDX7J78PiOunOB2DNkRRu9HUihGqMEQu+j1s cJIz/jpYeTU39+HFoWPQ3goKTO6+bjFb+WksrFJV+N21HnolCN5xwX+kGX4LRXZl xnskimG3gL5VCnYg859obKVAp7SDMA5nRY0nJmrRAkODQgRoUcqi9nztlwIDAQAB AoGBAJuDH0PDzZWDSubA2ZKudK8Nlu+VLr8b3RM8nRbrSuDQ9e9tQYnpj8hSBszX jqd+bAtvqfyPuN+RTAcK6KMVqlFQJK2TUjHeJhWOlfPQqxBwX8RItU4NPjzh1vAn LJ3kYqwM8uCPc4lxJiRiGlF3KBkNfY7mWTiOLR9Eiiv4lXkBAkEA3RLKdljtg/gY fpRNzqCRMyZFSFUSwVZPq29j7J48P98PFXtXQyiYEmM0E8jvaGCihvipbOKye+X4 dZByuGSxZwJBAMvKmzYiKXRHnHyEevxRis3MoX2051xeLrr/99pNRQb9RROUpEQZ Ec5KdZXbyOlnJpC0jH6+pByhJ1JEFo5dVFECQQC70QEM9pQjMB2vPFO2Hhf9up/V yeD7PFbHMQVVu0E4iksIVxdVySEZTgqqXGV46dBqlstp5Fb6h/BEAQpVucY1AkBj F6pvIR9dHjEWTujqZdADj/v6fwt824MHhM2FBcuJwX9kLQPO5Q3GbGhOrSc9bt3O wSwLuTFdhnLzSo5ZPUJxAkEAhduMA7PhevzbezGmTqU7C9fab5fI7DYCKntsX5bx yG7k+8ShgXaKq+SXaaDMthzIEFh1VO1upJJp0VsTgM16uA== -----END RSA PRIVATE KEY-----
7. The generated CSR would contain information pertaining to the current configuration and encapsulates all the details required. This information needs to be provided to Certificate Authority (CA) such as VeriSign or RapidSSL to get a valid SSL certificate.
———– Provide the CSR file and privkey.pm to IT team to get the certificate.
8. Once you get the certificate file(.crt) for the generated CSR file, copy the Certificate portion into a text file (.crt) and place it in the following location ROOT\Apache\conf\ssl.crt
9. Put the crt and key file in your configuration file.like in Apache httpd.conf
——— Change the paths and filename to the proper certificate and key file names.
In case of any ©Copyright or missing credits issue please check CopyRights page for faster resolutions.