To Generate a Certificate Signing Request for Apache 2.x
1. Log in to your server's terminal (SSH).
2. At the prompt, type the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Replace yourdomain with the domain name you're securing. For example, if your domain name is coolexample.com, you would type coolexample.key and coolexample.csr.
3. Enter the requested information:
Common Name: The fully-qualified domain name, or URL, you're securing.
If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
Organization Unit: If applicable, enter the DBA (doing business as) name.
City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
State or Province: Name of the state or province where your organization is located. Do not abbreviate.
Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
If you do not want to enter a password for this SSL, you can leave the Passphrase field blank. However, please understand there might be additional risks.
4. Open the CSR in a text editor (nano;pico;vi) and copy all of the text.
Apache SSL Installation Instructions
1. Save the primary and intermediate certificates to /etc/ssl/certs/ on the server with the private key.
2. Open the Apache configuration file in a text editor.
Apache configuration files are usually found in /etc/httpd/. The main configuration file is usually named httpd.conf. In most cases the <VirtualHost> blocks will be at the bottom of this httpd.conf file. Sometimes you will find the <VirtualHost> blocks in a separate file in a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/ or in a file called ssl.conf.
3. If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and change the port from port 80 to 443.
4. Add the lines in below:
<VirtualHost 192.168.0.1:443> DocumentRoot /var/www/website ServerName www.domain.com SSLEngine on SSLCertificateFile /etc/ssl/crt/primary.crt SSLCertificateKeyFile /etc/ssl/crt/private.key SSLCertificateChainFile /etc/ssl/crt/intermediate.crt </VirtualHost>
5. Change the names of the files and paths to match your certificate files:
SSLCertificateFile should be your primary certificate file for your domain name.
SSLCertificateKeyFile should be the key file generated when you created the CSR.
SSLCertificateChainFile should be the intermediate certificate file (if any) that was supplied by your certificate authority.
6. Save the changes and exit the text editor (nano;pico;vi).
7. Restart your Apache web server using one of the following commands:
service httpd restart
service apache2 restart