1. Certificate Creation

  • Generate Private Key
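openssl genrsa -des3 -out shyju-pc.key 2048

Omit -des3 if you don't want to protect the key with a passphrase (with it, Apache asks for the passphrase every time the service starts). Use at least 2048 bits for the key; public CAs no longer accept 1024-bit RSA keys.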

  • Generate CSR
openssl req -new -key shyju-pc.key -config "C:\Apache\conf\openssl.cnf" -out shyju-pc.csr
  • Generate a self-signed certificate for the time being
openssl x509 -req -days 30 -in shyju-pc.csr -signkey shyju-pc.key -out shyju-pc.crt
  • Export to IIS
openssl pkcs12 -export -out DigiCertBackup.pfx -inkey shyju-pc.key -in shyju-pc.crt -certfile "D:\NetworkSolutions_CA.crt"

If you want to export the certificate to another Apache server, just copy the SSL certificate, private key, and any intermediate certificates to the second server and configure httpd.conf.

Network Solutions gives some instructions on their website that are outdated so it left me guessing on the correct order to create the SSLCertificateChainFile. Here is the correct order:

UTNAddTrustServer_CA.crt
AddTrustExternalCARoot.crt
NetworkSolutions_CA.crt

Copy the contents of each file into a new file, in that order. Do not remove the BEGIN and END lines. Then place the file somewhere on the server and enter its full path in the Apache config, like this:
SSLCertificateChainFile /etc/httpd/conf/certs/network_solutions_combined_2008.crt


2. Edit httpd.conf

Listen 443
<VirtualHost _default_:443>
ServerName shyju-pc:443
SSLEngine on
SSLCertificateFile "C:\Apache\conf\shyju-pc.crt"
SSLCertificateKeyFile "C:\Apache\conf\shyju-pc.key"

SSLCertificateChainFile "C:\Apache\conf\combined.crt"
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
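
A pre-restart check for the key, certificate and combined chain file referenced above, as an added example that is not part of the original post. The function names, the throwaway demo PKI and all file names other than shyju-pc.key, shyju-pc.crt and combined.crt are constructed for illustration; the check does not judge the order of certificates inside the combined file.

```shell
#!/bin/sh
# Added example: checks on the key, certificate and combined chain file.

# True if the private key and the certificate hold the same public key.
key_matches_cert() {  # $1 = key file, $2 = certificate file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the pasted file has at least one certificate and no lost BEGIN/END line.
pem_blocks_intact() {  # $1 = combined chain file
    b=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1") || b=0
    e=$(grep -c -e '-----END CERTIFICATE-----' "$1") || e=0
    [ "$b" -gt 0 ] && [ "$b" -eq "$e" ]
}

# True if the certificate validates with the combined file's certificates as CAs.
chain_verifies() {  # $1 = certificate file, $2 = combined chain file
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Build a throwaway root -> intermediate -> server PKI in directory $1.
# Every name and subject below is constructed for this demo.
make_demo_pki() (
    cd "$1" || exit 1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf
    openssl req -x509 -config ca.cnf -extensions ca -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Root" -keyout root.key -out root.crt &&
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Intermediate" -keyout int.key -out int.csr &&
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -extfile ca.cnf -extensions ca -days 2 -out int.crt &&
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=shyju-pc" -keyout shyju-pc.key -out shyju-pc.csr &&
    openssl x509 -req -in shyju-pc.csr -CA int.crt -CAkey int.key -CAcreateserial \
        -days 2 -out shyju-pc.crt &&
    cat int.crt root.crt > combined.crt
) >/dev/null 2>&1

demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
make_demo_pki "$demo" || { echo "openssl demo setup failed" >&2; exit 1; }
key_matches_cert "$demo/shyju-pc.key" "$demo/shyju-pc.crt" && echo "key matches certificate"
pem_blocks_intact "$demo/combined.crt" && echo "combined file has whole PEM blocks"
chain_verifies "$demo/shyju-pc.crt" "$demo/combined.crt" && echo "chain verifies"
chain_verifies "$demo/shyju-pc.crt" "$demo/root.crt" || echo "root alone: intermediate missing"
```

Against real files, call the three check functions with the paths from httpd.conf; a passphrase-protected key makes openssl prompt for the passphrase.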
