view · edit · sidebar · attach · print · history

Generate a CSR with OpenSSL

  • To generate the CSR and private key in Apache modSSL, follow the instructions below:

https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO2614

  1. Bitte kein Umlaut in Zürich verwenden.
  2. Auch die Email Adresse korrekt angeben. (Es wird eh vom Zertifikat bei der Ausstellung entfernt).
  3. Common Name muss die Domain sein
  • Install the cert:

https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO14822

  • Thawte will also want a new cabundle.crt

https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL123_CA_Bundle.pem

see:

https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=AR1371

This must be in your /etc/apache2/vhosts/server_name.conf file 

    SSLCertificateFile /usr/local/ssl/crt/domainname.crt
    SSLCertificateKeyFile /usr/local/ssl/private/server.key
    SSLCACertificateFile /usr/local/ssl/crt/cabundle.crt

Removing the password at Apache restart

  • openssl rsa -in chrisschuld.com.key -out chrisschuld.com.key.nopass

or

Always backup the original key first (just in case)! 

 # cp www.key www.key.orig

Then unencrypt the key with openssl. You’ll need the passphrase for the decryption process: 

 # openssl rsa -in www.key -out new.key

Now copy the new.key to the www.key file and you’re done. Next time you restart the web server, it should not prompt you for the passphrase.

view · edit · sidebar · attach · print · history
Page last modified on August 23, 2012, at 02:36 PM