
Jun
09
Filed Under (apache) by Ernest Luk on 09-06-2008

Follow the instructions below to generate a CSR for your Web site. When you have finished generating your CSR, copy and paste it into the CSR field on the SSL certificate-request page.

CSR-Generation Instructions
To generate a triple-DES encrypted key pair and a Certificate Signing Request (CSR):

Enter the following commands:

  1. cd /usr/bin/ (/your path to openssl/)
  2. openssl genrsa -des3 -out <name of your certificate>.key 1024
    Enter a passphrase when prompted to.
  3. openssl req -new -key <name of your certificate>.key -out <name of your certificate>.csr

Please enter the information as prompted. If you are requesting a Wildcard certificate, please add an asterisk (*) on the left side of the Common Name (e.g., "*.domainnamegoes.com" or "www*.domainnamegoeshere.com"). This will secure all subdomains of the Common Name.

Now you should have:
domain.com.key and domain.com.csr

Make a backup copy of your private key! If you lose it, you have to purchase a new cert!

You should NOT generate the RSA private key with a passphrase if you have scripts that restart Apache automatically. If you do, Apache will just sit there and wait for the script to input the passphrase!

You can remove the passphrase from the key so that Apache does not prompt for it on restart:

# mv MYdomain.com.key MYdomain.com.key.has-passphrase
# openssl rsa -in MYdomain.com.key.has-passphrase -out MYdomain.com.key

And then restart apache.
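
The key generation, CSR and passphrase-removal steps above can be checked before the CSR is submitted. The script below is an added example, not part of the original post: it runs the same openssl commands non-interactively in a temporary directory, then confirms that the stripped key really has no passphrase, that the CSR was made from that key, and that the now unprotected key file is readable by its owner only. The file names, subject and passphrase are constructed, and it uses a 2048-bit key, the minimum publicly trusted CAs accept today, rather than the 1024 shown above.

```shell
#!/bin/sh
# Added example: file names, subject and passphrase are constructed placeholders.
# "pass:" exposes the passphrase in the process list; use the prompt on a real server.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/MYdomain.com.key"
CSR="$WORK/MYdomain.com.csr"
PASS='constructed-passphrase'

# True when the PEM file is passphrase-protected: the header contains
# ENCRYPTED in both the traditional and the PKCS#8 encoding.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Digest of the RSA modulus; identical for a CSR and the key it was made from.
key_modulus() { openssl rsa -in "$1" -noout -modulus | openssl sha256; }
csr_modulus() { openssl req -in "$1" -noout -modulus | openssl sha256; }
csr_matches_key() { [ "$(csr_modulus "$1")" = "$(key_modulus "$2")" ]; }

# True when only the owner can read the key file (mode 600 or 400).
key_is_private() {
    case "$(ls -l "$1" | cut -c1-10)" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# Steps 2 and 3 of the post, made non-interactive for the demonstration.
openssl genrsa -des3 -passout "pass:$PASS" -out "$KEY.has-passphrase" 2048 2>/dev/null
openssl req -new -key "$KEY.has-passphrase" -passin "pass:$PASS" \
    -subj '/CN=www.example.com' -out "$CSR"

# Strip the passphrase; umask 077 makes the new file owner-only from the start.
( umask 077 && openssl rsa -in "$KEY.has-passphrase" -passin "pass:$PASS" \
    -out "$KEY" 2>/dev/null )

key_is_encrypted "$KEY.has-passphrase" && echo "original key: encrypted"
key_is_encrypted "$KEY" || echo "stripped key: no passphrase"
csr_matches_key "$CSR" "$KEY" && echo "CSR matches stripped key"
key_is_private "$KEY" && echo "stripped key is owner-only"
```
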

To ensure your SSL works, you should have something like this in your httpd.conf:

<VirtualHost 123.456.789.123:443>
# … some config like DocumentRoot, etc.
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/MYdomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/MYdomain.com.key
</VirtualHost>