Generate ssl certificate for apache

SSL

In below article we will discuss how to generate a csr and generate ssl certificate for apache web server.

1. User can generate a CSR executing the following in the command prompt from ROOT\openssl\bin folder.

openssl req -config openssl.cnf -new –nodes

2. Enter values for Country, State, City, Company Name, Domain Name, E mail Address and a Pass Phrase as shown in the example below.

ROOT\openssl\bin>openssl req -config openssl.cnf -new -nodes
Using configuration from openssl.cnf
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
..............................................................................
++++
.......++++++
writing new private key to 'privkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []: US
State or Province Name (full name) []: CALIFORNIA
Locality Name (eg, city) []: PALO ALTO
Organization Name (eg, company) []: TECHPASTE INC
Organizational Unit Name (eg, section) []: PaloAlto
Common Name (eg, your websites domain name) []: techpaste.com
Email Address []: [email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

Leave the Challenge Password as blank

3. On completion of the above data input the following CSR file will be generated.

-----BEGIN CERTIFICATE REQUEST-----
MIIB7jCCAVcCAQAwga0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDQUxJRk9STklB
MRIwEAYDVQQHEwlQQUxPIEFMVE8xFTATBgNVBAoTDE1ldHJpY1N0cmVhbTERMA8G
A1UECxMIQ3liZXJjb24xITAfBgNVBAMTGHNuZGt0cmcubWV0cmljc3RyZWFtLmNv
bTEoMCYGCSqGSIb3DQEJARYZc3JhbWJhYnVAbWV0cmljc3RyZWFtLmNvbTCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr/zdaLnzKy7uC0w1+ye/D4jrpzgdgzZE
UbvR1IoRqjBELvo9bHCSM/46WHk1N/fhxaFj0N4KCkzuvm4xW/lpLKxSVfjdtR56
JQjeccF/pBl+C0V2ZcZ7JIpht4C+VQp2IPOfaGylQKe0gzAOZ0WNJyZq0QJDg0IE
aFHKovZ87ZcCAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBAAbqF+FHUK+o6Fojq0gG
7uJv79HvQOY5UxNxyd0YeIu7C53OS7c5OJ6ZTGw5kQljACUYCy9DHYGdvh0/2mli
gZfxlx2MWqUvuOqMmn9xs+tWHrBBW0eqgrE6r0/od1PaoF7k0FxFz0PKGxwxyKY6
mMp0jXj54BdR+JTjZ1RShWNS
-----END CERTIFICATE REQUEST-----

4. Copy the Certificate portion into a text file (.csr) and place it in the following location ROOT\Apache\conf\ssl.csr(Here we have taken apache as the application which needs to be ssl configured)

5. A private key will be created by the name privkey.pem in the following location. ROOT\openssl\bin

6. Open the privkey.pem file which looks like below and save the code or copy the Certificate portion from privkey.pem into a text file (.key) and place it in the following location ROOT\Apache\conf\ssl.key

-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQCv/N1oufMrLu4LTDX7J78PiOunOB2DNkRRu9HUihGqMEQu+j1s
cJIz/jpYeTU39+HFoWPQ3goKTO6+bjFb+WksrFJV+N21HnolCN5xwX+kGX4LRXZl
xnskimG3gL5VCnYg859obKVAp7SDMA5nRY0nJmrRAkODQgRoUcqi9nztlwIDAQAB
AoGBAJuDH0PDzZWDSubA2ZKudK8Nlu+VLr8b3RM8nRbrSuDQ9e9tQYnpj8hSBszX
jqd+bAtvqfyPuN+RTAcK6KMVqlFQJK2TUjHeJhWOlfPQqxBwX8RItU4NPjzh1vAn
LJ3kYqwM8uCPc4lxJiRiGlF3KBkNfY7mWTiOLR9Eiiv4lXkBAkEA3RLKdljtg/gY
fpRNzqCRMyZFSFUSwVZPq29j7J48P98PFXtXQyiYEmM0E8jvaGCihvipbOKye+X4
dZByuGSxZwJBAMvKmzYiKXRHnHyEevxRis3MoX2051xeLrr/99pNRQb9RROUpEQZ
Ec5KdZXbyOlnJpC0jH6+pByhJ1JEFo5dVFECQQC70QEM9pQjMB2vPFO2Hhf9up/V
yeD7PFbHMQVVu0E4iksIVxdVySEZTgqqXGV46dBqlstp5Fb6h/BEAQpVucY1AkBj
F6pvIR9dHjEWTujqZdADj/v6fwt824MHhM2FBcuJwX9kLQPO5Q3GbGhOrSc9bt3O
wSwLuTFdhnLzSo5ZPUJxAkEAhduMA7PhevzbezGmTqU7C9fab5fI7DYCKntsX5bx
yG7k+8ShgXaKq+SXaaDMthzIEFh1VO1upJJp0VsTgM16uA==
-----END RSA PRIVATE KEY-----

7. The generated CSR would contain information pertaining to the current configuration and encapsulates all the details required. This information needs to be provided to Certificate Authority (CA) such as VeriSign or RapidSSL to get a valid SSL certificate.

———– Provide the CSR file and privkey.pm to IT team to get the certificate.

8. Once you get the certificate file(.crt) for the generated CSR file, copy the Certificate portion into a text file (.crt) and place it in the following location ROOT\Apache\conf\ssl.crt

9. Put the crt and key file in your configuration file.like in Apache httpd.conf

——— Change the paths and filename to the proper certificate and key file names.

 

In case of any ©Copyright or missing credits issue please check CopyRights page for faster resolutions.

Leave a Reply