You can generate a CSR from the shell with the following command:
root@server1[/]# /scripts/gencsr
The script asks for details such as the email address, domain name, country code, city and company. Fill in the values and it generates a CSR and a private key.
Use the following steps to install an SSL certificate:
First check which domain name the SSL certificate was issued for: www.domainname.com or domainname.com. Suppose you have to install an SSL certificate for domainname.com and have already generated the CSR for domainname.com. Follow the steps below.
1)
Go to directory /usr/share/ssl/certs
root@server1[/]# cd /usr/share/ssl/certs
Check that the domainname.com.csr file is already present.
root@server1[/usr/share/ssl/certs]# ls -l | grep domainname.com.csr
Create the .crt file and paste the SSL certificate into it, as shown below:
root@server1 [/usr/share/ssl/certs]# vi domainname.com.crt
Paste the SSL certificate and save the file.
If a CA bundle is provided by the client, add it to the domainname.com.cabundle file under the directory /usr/share/ssl/certs
root@server1 [/usr/share/ssl/certs]# vi domainname.com.cabundle
Paste the CA bundle and save the file.
2)
Go to directory /usr/share/ssl/private and check to see if the file domainname.com.key is already present.
root@server1[/]# cd /usr/share/ssl/private
root@server1[/usr/share/ssl/private]# ls -l | grep domainname.com.key
3)
Open the file /etc/httpd/conf/httpd.conf, copy the virtual host entry for domainname.com into Notepad, and add the following lines above the closing </VirtualHost> tag:
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domainname.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domainname.com.key
SSLCACertificateFile /usr/share/ssl/certs/domainname.com.cabundle
SSLLogFile /usr/local/apache/domlogs/domainname.com-ssl_data_log
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
Add the following line above the virtual host entry.
Add the following line at the end of the virtualhost tag.
Your sslVH entry should now look like the sample sslVH entry below.
ServerAlias domainname.com
ServerAdmin webmaster@domainname.com
DocumentRoot /home/username/public_html
BytesLog domlogs/domainname.com-bytes_log
ServerName domainname.com
User username
Group username
CustomLog /usr/local/apache/domlogs/domainname.com combined
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domainname.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domainname.com.key
SSLCACertificateFile /usr/share/ssl/certs/domainname.com.cabundle
SSLLogFile /usr/local/apache/domlogs/domainname.com-ssl_data_log
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
4)
If a CA bundle is not given by the client, remove the following line from the sslVH entry:
SSLCACertificateFile /usr/share/ssl/certs/domainname.com.cabundle
5)
Add the sslVH entry to the httpd.conf file and restart the httpd service.
You should now be able to access the site at https://domainname.com
Check that the file paths for the .crt, .key and .cabundle files are specified correctly. If the file paths in the sslVH entry are incorrect, the httpd service won't start.
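The path check above can be scripted and run before restarting httpd. The following is an added example, not part of the original post or of cPanel: the function names are hypothetical, and the key-permission test and the certificate/key match (which assumes the openssl CLI, version 1.0.0 or later) go beyond the path check described here.

```sh
#!/bin/sh
# Added example; the function names are hypothetical helpers, not cPanel tools.

# Print "Directive path" for each certificate, key and CA bundle directive
# found in the given config file (commented-out lines do not match).
ssl_paths() {
    awk '$1 ~ /^SSL(Certificate|CertificateKey|CACertificate)File$/ {
             gsub(/"/, "", $2); print $1, $2 }' "$1"
}

# Return 0 only if every referenced file exists and is non-empty, and the
# private key grants no access to group or others.
check_ssl_files() {
    ssl_paths "$1" | (
        rc=0
        while read -r directive path; do
            if [ ! -s "$path" ]; then
                echo "MISSING   $directive $path"; rc=1
            elif [ "$directive" = SSLCertificateKeyFile ] &&
                 [ "$(ls -lLd "$path" | cut -c5-10)" != "------" ]; then
                echo "KEY PERMS $directive $path (group/other access)"; rc=1
            else
                echo "OK        $directive $path"
            fi
        done
        exit "$rc"
    )
}

# Return 0 if certificate $1 and private key $2 hold the same public key,
# 1 if they differ, 2 if either file cannot be parsed by openssl.
key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage, before restarting httpd:
#   check_ssl_files /etc/httpd/conf/httpd.conf
#   key_matches_cert /usr/share/ssl/certs/domainname.com.crt \
#                    /usr/share/ssl/private/domainname.com.key
```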
gooooooooooooooooooooooooood
ServerName domain.com
DocumentRoot /var/www/4oficio/data/www/domain.com
SuexecUserGroup 4oficio 4oficio
CustomLog /var/www/httpd-logs/domain.com.access.log combined
ErrorLog /dev/null
SSLEngine on
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLCertificateFile /var/www/httpd-cert/domain.com.crt
SSLCertificateKeyFile /var/www/httpd-cert/domain.com.key
ServerAlias www.domain.com
ServerAdmin webmaster@domain.com
AddHandler php-cgi .php .php3 .php4 .php5 .phtml
ScriptAlias /cgi-bin/ /var/www/4oficio/data/www/domain.com/cgi-bin/
ScriptAlias /php-bin/ /var/www/4oficio/data/php-bin/
AddDefaultCharset utf-8