Ssl

 cd /etc/apache2/ssl/
 apt-get install openssl  
 openssl genrsa -des3 -out www.somedomain.com.key 2048
 openssl req -new -key www.somedomain.com.key -out www.somedomain.com.csr

Now get rid of the passphrase on the key, otherwise Apache will fail with really strange SSL library errors. The resulting key file is unencrypted, so keep it readable by root only.

 mv www.somedomain.com.key www.somedomain.com.key.with_password
 openssl rsa -in www.somedomain.com.key.with_password -out www.somedomain.com.key
 enter passphrase for www.somedomain.com.key.with_password: 
 writing RSA key

First you have to generate a CSR (certificate signing request) that you tell GoDaddy about; it goes looking for a matching file on your server to confirm the site identity. Once it does this, GoDaddy will generate a CRT (certificate) that you have to place in the spot on your server where GoDaddy went looking for the CSR. Then change Apache so it knows to look for the CRT, and restart Apache. First, generate the CSR:

 mkdir /etc/apache2/ssl
 cd /etc/apache2/ssl
 # https://www.digicert.com/easy-csr/openssl.htm will generate the command you need, example output below
 openssl req -new -newkey rsa:2048 -nodes -out www.somedomain.com.csr -keyout www.somedomain.com.key
 openssl req -new -newkey rsa:2048 -nodes -out www.somedomain.com.csr -keyout www.somedomain.com.key -subj "/C=US/ST=CA/L=San Diego/O=Malware Busters LLC/CN=www.malwarebusters.com"
 openssl req -newkey rsa:2048 -nodes -keyout www.somedomain.key -out www.somedomain.csr
 openssl req -new -key domainname.key -out domainname.csr
 openssl req -newkey rsa:2048 -nodes -keyout www.somedomain.com.key -out www.somedomain.com.csr

make sure CN (common name) is EXACTLY the site name, i.e. www.somedomain.com

 vi /etc/apache2/sites-available/www.somedomain.com-ssl
   NameVirtualHost your.static.i.p:443
   <VirtualHost www.somedomain.com:443>
   #SSL Configuration
   SSLEngine on
   # use the .crt once you get the cert; Apache cannot load the .csr as a certificate
   SSLCertificateFile /etc/apache2/ssl/www.somedomain.com.crt
   SSLCertificateKeyFile /etc/apache2/ssl/www.somedomain.com.key
   DocumentRoot /var/www/
   ScriptAlias /cgi-bin/ /var/www/cgi/
   ServerName www.somedomain.com
   ErrorLog /var/log/apache2/error_log
       <Directory />
               Options -Indexes FollowSymLinks MultiViews
               AllowOverride None
               Order deny,allow
               Allow from all
       </Directory>
   </VirtualHost>

enable ssl in apache2

 apt-get install openssl ssl-cert
 vi /etc/apache2/ports.conf
   Listen 443
 a2enmod ssl
 /etc/init.d/apache2 force-reload
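
A sanity check to run before reloading Apache, as an added example that is not part of the original cheatsheet: it confirms the key no longer has a passphrase, that the CSR (and the CRT, once issued) was made from that key, that the CSR's CN is exactly the site name, and that the unencrypted key is not readable by group or other. The function names are made up for this example; file names follow the page's www.somedomain.com convention.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
# The empty -passin makes an encrypted key fail instead of prompting.
# usage: pubkey_hash key|csr|crt FILE
pubkey_hash() {
    pem=$(case "$1" in
        (key) openssl pkey -in "$2" -passin pass: -pubout ;;
        (csr) openssl req  -in "$2" -noout -pubkey ;;
        (crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print the commonName from a CSR's subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# usage: check_site SITE KEY CSR [CRT]   (returns 0 only if every check passes)
check_site() {
    site=$1 key=$2 csr=$3 crt=${4:-} rc=0
    kh=$(pubkey_hash key "$key") ||
        { echo "FAIL: $key unreadable or still passphrase-protected"; return 1; }
    [ "$(pubkey_hash csr "$csr")" = "$kh" ] ||
        { echo "FAIL: $csr was not made from $key"; rc=1; }
    cn=$(csr_cn "$csr")
    [ "$cn" = "$site" ] ||
        { echo "FAIL: CSR CN is '$cn', expected exactly '$site'"; rc=1; }
    if [ -n "$crt" ] && [ "$(pubkey_hash crt "$crt")" != "$kh" ]; then
        echo "FAIL: $crt does not belong to $key"; rc=1
    fi
    # The key has no passphrase, so file permissions are its only protection.
    case $(ls -ld "$key") in
        (-???------*) ;;
        (*) echo "FAIL: $key is readable by group/other, chmod 600 it"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $site"
    return "$rc"
}

# e.g. sh check_site.sh www.somedomain.com www.somedomain.com.key www.somedomain.com.csr
if [ "$#" -ge 3 ]; then check_site "$@"; fi
```

Pass the .crt as a fourth argument once the CA has issued it.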