
This SSL setup tutorial shows how to generate and set up an SSL certificate.

It assumes you have apache and openssl installed and want to generate a CSR and set up an SSL certificate for a domain.
First, generate the RSA key and the CSR (Certificate Signing Request)
[root@chevelle root]#
[root@chevelle root]# cd /etc/httpd/conf/ssl.key
Generate the RSA private key without a passphrase (I recommend this; otherwise, whenever apache restarts you have to enter a passphrase, which can leave the server offline until someone inputs it). Use a key of at least 2048 bits; certificate providers no longer accept 1024-bit RSA keys.
[root@chevelle /etc/httpd/conf/ssl.key]# openssl genrsa -out yourdomain.key 2048
Or generate the RSA private key with a passphrase. You will be prompted to enter the passphrase right after you hit enter.
[root@chevelle /etc/httpd/conf/ssl.key]# openssl genrsa -des3 -out yourdomain.key 2048
You should generally NOT generate the RSA private key with a passphrase if you have scripts that restart apache automatically after a crash or for any other reason. If there is a passphrase, Apache will just sit there and wait for the script to input it, which means downtime, and downtime usually equals bad.
Next, generate the CSR using the RSA private key, then move it to the ssl.csr directory
[root@chevelle /etc/httpd/conf/ssl.key]# openssl req -new -key yourdomain.key -out yourdomain.csr
[root@chevelle /etc/httpd/conf/ssl.key]# mv yourdomain.csr ../ssl.csr
You will be asked to enter your Common Name, Organization, Organization Unit, City or Locality, State or Province and Country.
Do not enter these characters < > ~ ! @ # $ % ^ * / ( ) ?.,& because they will not be accepted.
Common Name: the domain for the web server (e.g. MYdomain.com)
Organization: the name of your organization (e.g. YUPAPA)
Organization Unit: the section of the organization (e.g. Sales)
City or Locality: the city where your organization is located (e.g. Flanders)
State or Province: the state / province where your organization is located (e.g. New Jersey)
Country: the country where your organization is located (e.g. US)
You may be asked for an email address and a challenge password. I usually just hit enter.
Now you should have:
/etc/httpd/conf/ssl.key/yourdomain.key
/etc/httpd/conf/ssl.csr/yourdomain.csr
Be sure to always make a backup copy of your private key! If you lose it, you'll have to purchase a new cert!
Now you need to submit your CSR to your provider and they will mail you the certificate. They usually also send you a confirmation email before the certificate is sent out.
Now that you have the certificate:
Installing the Certificate for Apache
[root@chevelle root]# cd /etc/httpd/conf/ssl.crt
Copy the certificate that they mailed you to yourdomain.crt
Open your httpd.conf file and add the following to your virtual host
<VirtualHost 209.123.546.123:443>
# other config details
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/yourdomain.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/yourdomain.key
</VirtualHost>
Restart apache
OPTION 1
[root@chevelle /etc/httpd/conf/ssl.crt]# apachectl restart
OPTION 2 (using the sh script)
[root@chevelle /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart
You may be asked to enter the passphrase IF you generated the RSA key with a passphrase. If you do NOT want to be asked for a passphrase when restarting apache, rewrite your RSA key file without it (openssl asks for the passphrase one last time).
[root@chevelle /etc/httpd/conf/ssl.crt]# cd ../ssl.key
[root@chevelle /etc/httpd/conf/ssl.key]# mv yourdomain.key yourdomain.key.has-passphrase
[root@chevelle /etc/httpd/conf/ssl.key]# openssl rsa -in yourdomain.key.has-passphrase -out yourdomain.key
And then restart apache again
[root@chevelle /etc/httpd/conf/ssl.key]# /etc/rc.d/init.d/httpd restart
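
Before restarting apache it helps to confirm that the key, the CSR and the certificate from the provider belong together, and that a key stored without a passphrase is not readable by other users. The script below is an added example, not part of the original tutorial; pubkey_hash, check_pair and demo are names made up for it, and the demo runs on throwaway files with a self-signed certificate standing in for the provider's.

```shell
#!/bin/sh
# Added example (not from the tutorial); all function names are hypothetical.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
pubkey_hash() {   # $1 = key|csr|crt, $2 = file
    case "$1" in
        # "-passin pass:" supplies an empty passphrase, so an encrypted key
        # fails here instead of prompting.
        key) pem=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1 ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the key loads without a passphrase, is closed to group and
# other, and holds the same public key as the CSR and the certificate.
check_pair() {   # $1 = key, $2 = csr, $3 = crt
    k=$(pubkey_hash key "$1") ||
        { echo "key: unreadable or passphrase-protected"; return 1; }
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ] ||
        { echo "key: accessible to group/other, use chmod 600"; return 1; }
    [ "$k" = "$(pubkey_hash csr "$2")" ] ||
        { echo "CSR was not created from this key"; return 1; }
    [ "$k" = "$(pubkey_hash crt "$3")" ] ||
        { echo "certificate does not match this key"; return 1; }
    echo "ok: key, CSR and certificate match"
}

# Demo on constructed throwaway files; the self-signed certificate stands in
# for the one the provider would mail back.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/yourdomain.key" 2048 2>/dev/null
    chmod 600 "$d/yourdomain.key"
    openssl req -new -key "$d/yourdomain.key" -subj "/CN=example.com" \
        -out "$d/yourdomain.csr"
    openssl x509 -req -in "$d/yourdomain.csr" -signkey "$d/yourdomain.key" \
        -days 1 -out "$d/yourdomain.crt" 2>/dev/null
    rc=0
    check_pair "$d/yourdomain.key" "$d/yourdomain.csr" "$d/yourdomain.crt" || rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

On the server, call check_pair with the three paths listed above after copying the provider's certificate to yourdomain.crt.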
