The first step is to submit a CSR (Certificate Signing Request) to the Certification Authority, that is, the provider from which you bought your SSL certificate.
The process for generating a CSR is as follows:
Step 1: Log Into Your Server
Open a terminal window and connect to your server through SSH. You need access to a user account with root or sudo privileges.
Step 2: Install openssl on your server
The commands to install OpenSSL are as follows. If it is already installed, skip this step:
yum group install 'Development Tools' && yum install perl-core libtemplate-perl zlib-devel
wget -c https://www.openssl.org/source/openssl-1.0.2p.tar.gz
tar -xzvf openssl-1.0.2p.tar.gz
cd openssl-1.0.2p
./config
make
make test
sudo make install
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
openssl version
Step 2: Create an RSA Private Key and CSR
It is advised to issue a new private key each time you generate a CSR. Hence, the steps below instruct on how to generate both the private key and the CSR.
openssl req -new -newkey rsa:2048 -nodes -keyout your_domain.key -out your_domain.csr
Make sure to replace your_domain with the actual domain you’re generating a CSR for.
The command is broken out as follows:
- openssl – activates the OpenSSL software
- req – indicates that we want a CSR
- -new -newkey – generate a new request with a new key
- rsa:2048 – generate a 2048-bit RSA key
- -nodes – no DES, meaning do not encrypt the private key file
- -keyout – specifies the name of the file your private key will be saved as
- -out – specifies the name of the file your CSR will be saved as
Step 3: Enter Your CSR Information
Your system should launch a text-based questionnaire for you to fill out.
Enter your information in the fields as follows:
- Country Name – use a 2-letter country code (US for the United States)
- State – the state in which the domain owner is incorporated
- Locality – the city in which the domain owner is incorporated
- Organization name – the legal entity that owns the domain
- Organizational unit name – the name of the department or group in your organization that deals with certificates
- Common name – typically the fully qualified domain name (FQDN), i.e. what the users type in a web browser to navigate to your website
- Email address – the webmaster’s email address
- Challenge password – an optional password for your key pair
Please take into account that Organization Name and Unit Name must not contain the following characters:
< > ~ ! @ # $ % ^ * / \ ( ) ?.,&
Step 4: Locate Certificate Signing Request File
Once the software finishes, you should be able to find the CSR file in your working directory.
You can also enter the following:
ls *.csr
Now open the .csr file and submit the alphanumeric code to your SSL provider.
Once Comodo verifies your CSR, download the SSL files. Copy them (ComodoRSACA.crt and the Primary Certificate, yourdomain.crt) to your Apache server directory. The private key generated during the CSR (Certificate Signing Request) process needs to be on the same server.
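A non-interactive version of the key and CSR generation steps above, with the checks worth running before the CSR is submitted and before the issued certificate is installed, as an added example that is not part of the original page. The domain example.test, the subject values and the helper function names are constructed placeholders; same_keypair with "cert" is meant to be run against the certificate file your CA returns.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. The domain and subject values
# are constructed placeholders; the function names are hypothetical helpers.

# Create key + CSR without the questionnaire. umask 077 keeps the unencrypted
# (-nodes) private key readable by its owner only.
make_csr() {   # usage: make_csr DOMAIN DIR
    (
        umask 077
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$2/$1.key" -out "$2/$1.csr" \
            -subj "/C=US/ST=California/L=San Francisco/O=Example Org/OU=IT/CN=$1" \
            2>/dev/null
    )
}

# Confirm the CSR's self-signature is intact before sending it to the CA.
csr_signature_ok() {   # usage: csr_signature_ok CSR
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# SHA-256 of the public key held in a private key, CSR or certificate.
pubkey_hash() {   # usage: pubkey_hash key|csr|cert FILE
    pem=$(case "$1" in
        (key)  openssl pkey -in "$2" -pubout ;;
        (csr)  openssl req  -in "$2" -noout -pubkey ;;
        (cert) openssl x509 -in "$2" -noout -pubkey ;;
        (*)    false ;;
    esac 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1   # unreadable input must never "match"
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# True only when FILE (a CSR or certificate) carries the public half of KEY.
same_keypair() {   # usage: same_keypair KEY csr|cert FILE
    a=$(pubkey_hash key "$1") && b=$(pubkey_hash "$2" "$3") && [ "$a" = "$b" ]
}

# Demo in a throwaway directory: run the script with --demo.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_csr example.test "$d" &&
        csr_signature_ok "$d/example.test.csr" &&
        same_keypair "$d/example.test.key" csr "$d/example.test.csr" &&
        echo "CSR verified and matches key"
    rm -rf "$d"
fi
```

A mismatch reported by same_keypair means the certificate was issued for a different key than the one on the server, which is the usual cause of Apache refusing to start after the certificate files are swapped in.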
Configure Virtual Hosts for SSL
Open the SSL configuration file, comment out the existing virtual host lines, and paste the following virtual host block.
<VirtualHost *:443>
DocumentRoot /var/www/html/abxzyx.com
ServerName abxzyx.com
SSLEngine On
SSLCertificateFile /etc/ssl/private/abxzyx.com.crt
SSLCertificateKeyFile /opt/abxzyx.txt
SSLCertificateChainFile /etc/ssl/private/abxzyx.com.ca-bundle
</VirtualHost>
After that, save and exit.
Test your Apache configuration before restarting.
httpd -t
Once the system confirms that the syntax is correct, restart Apache:
sudo systemctl restart httpd
You have now set up your Apache server to use the SSL certificate. 🙂