view · edit · sidebar · attach · print · history

Generate a CSR with OpenSSL

  • To generate the CSR and private key in Apache modSSL, follow the instructions below:

  1. Bitte kein Umlaut in Zürich verwenden.
  2. Auch die Email Adresse korrekt angeben. (Es wird eh vom Zertifikat bei der Ausstellung entfernt).
  3. Common Name muss die Domain sein
  • Install the cert:

  • Thawte will also want a new cabundle.crt


This must be in your /etc/apache2/vhosts/server_name.conf file

    SSLCertificateFile /usr/local/ssl/crt/domainname.crt
    SSLCertificateKeyFile /usr/local/ssl/private/server.key
    SSLCACertificateFile /usr/local/ssl/crt/cabundle.crt  

Removing the password at Apache restart

  • openssl rsa -in -out


Always backup the original key first (just in case)!

 # cp www.key www.key.orig

Then unencrypt the key with openssl. You’ll need the passphrase for the decryption process:

 # openssl rsa -in www.key -out new.key

Now copy the new.key to the www.key file and you’re done. Next time you restart the web server, it should not prompt you for the passphrase.

view · edit · sidebar · attach · print · history
Page last modified on August 23, 2012, at 02:36 PM