APACHE OPENSSL CSR AND CERTIFICATE INSTALLATION 

Please follow these instructions to install your SSL certificate on Apache. Please make sure you have completed the following before attempting to install your certificate. 

APACHE OPENSSL ECC CSR CREATION

To generate a ECC CSR for Apache HTTP Server, perform the following steps. They will enable you to complete the order process!

Instructions:

1.  Log into your Apache server.

2. The OpenSSL command to generate a 256-bit ECC key is:

openssl ecparam -out server.key -name prime256v1 -genkey
3. Type this command into your prompt where server is the name of our server.

4. Save the generated .key file for later installation use.

5. Next you must generate the an ECC CSR by typing the command below, where server is the name of our server. openssl req -new -keyserver.key -out server.csr

6. Fill out the information required. Information that is not required can be filled out with ‘.’ and it will be left blank.

7. Your .csr file is now created. Use this file in the TRUSTZONE orderform by copy pasting it into the CSR field.

Remember to include the:

—–BEGIN NEW CERTIFICATE REQUEST—-
and
—–END NEW CERTIFICATE REQUEST—– 

8. You can now use the generated CSR to request a reissue or order a new ECC certificate from TRUSTZONE.

 

INSTALL YOUR SSL CERTIFICATE

1. Once you received your SSL certificate by e-mail, please copy and paste it into a text file (with Notepad or Wordpad) and save the file with the .crt extension and include the tags:

—–BEGIN CERTIFICATE—–
and —–END CERTIFICATE—–)

2. Copy and paste the content in a text file with the .crt extension.

3. Copy the two files in the directory on your server where you will keep your certificate and key files. Make them readable by root only.

4. Find your Apache config file (it varies from server to server). This file is usually located in /etc/httpd. The file is usually named httpd.conf

5. Find the <VirtualHost> blocks in httpd.conf. If you need your site to be accessible through both https and http, you need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and configure it for SSL. If you need your site to be accessed securely only, configure the existing virtual host.

6. Configure the <Virtualhost> block for the SSL-enabled site:

<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html2
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/intermediate_certificate.crt
</VirtualHost>

7. Test your Apache configuration before restarting by typing apachectl configtest.

Restart Apache:
apachectl stop
apachectl start

Note: If Apache doesn’t start with SSL enabled, try ‘apachectl startssl’ instead of ‘apachectl start’. If it works, we recommend you adjust the apache startup configuration to include SSL support in the regular ‘apachectl start’ command.

 

Last updated: August 21, 2017