Difference between revisions of "Server:SSL"

openssl genrsa -des3 -out radon.nz.key.withpass 2048
# need to enter a passphrase
# but then do the following to remove it
openssl rsa -in radon.nz.key.withpass -out radon.nz.key

openssl req -new -key radon.nz.key -out radon.nz.csr
# Country Name (2 letter code) [AU]:NZ
# State or Province Name (full name) [Some-State]:Otago
# Locality Name (eg, city) []:Arrowtown
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Radon Computing Limited
# Organizational Unit Name (eg, section) []:
# Common Name (e.g. server FQDN or YOUR name) []:*.radon.nz
# Email Address []:
# 
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
# An optional company name []:


# use radon.nz.csr to renew certificate with trustico
# a resulting "pem" will be provided. save this as radon.nz.pem
# also the certificate chain will be provided. save this as RapidSSL.pem

# move radon.nz.key to /etc/ssl/private/
# move radon.nz.pem to /etc/ssl/certs/
# move RapidSSL.pem to /etc/ssl/certs/

# For radon.nz wild card cert
# run "apache2ctl configtest" to check before restarting apache

        SSLEngine on

        SSLCertificateFile      /etc/ssl/certs/radon.nz.pem
        SSLCertificateKeyFile   /etc/ssl/private/radon.nz.key
        SSLCertificateChainFile /etc/ssl/certs/RapidSSL.pem