TLS certificate installation on an Apache server
The following instructions will show you how to create a public key on an Apache server using OpenSSL, which can be used on any server, and then install a newly issued certificate..
Generating a CSR on Apache (OpenSSL)
To generate a CSR request (public key) and private key, the OpenSSL tool is used.
In the first step, generate a key pair (private key and public key in CSR). Open the OpenSSL and use the following commands:
openssl genrsa –des3 –out www.mydomain.com.key 2048
Parameter -des3 ensures the use of a passphrase for the private key (encryption); if you do not use this parameter, the private key will be unprotected.
In the second step, generate the CSR request itself. You can also generate a CSR with a private key in the SSLmarket administration and save the private key for later installation..
openssl req –new –key www.mydomain.com.key –out www.mydomain.com.csr
After entering the order, you will be asked to specify the data for the CSR.
- Common Name: Common Name is the complete name of the domain for which the certificate is to be issued.
- Company / Organization: Enter the full name of the company as it appears in the Commercial Register, including the legal form.
- Organizational Unit: This field is optional and is used to specify the organizational unit of the organization, such as the branch or department.
- Locality / City: City name
- State / Province: Left if blank
- Country Name: State code - GB
- CN: www.sslmarket.co.uk
- OU: Software
- O: ZONER software
- C: GB
- L: London
Do not enter additional information such as e-mail address, password or optional company name in the CSR request. OpenSSL will create a file with the CSR extension, which you will insert into the certificate order at sslmarket.co.uk.
Installation of the issued certificate on the server
Creating files with keys
The issued TLS certificate is delivered by email. The certificate arrives in text form encoded in Base64 format. Save the certificate text to the server as a file public.crt.
Get the right intermediate certificates and save them to one file intermediate.crt . Copy both new files to the /usr/local/ssl/crt/ folder.
Intermediate certificates are sent in the email with the certificate. You can find them on our site under Intermediate certificates as well.
To use the created keys, it is necessary to set up the server itself.
Open and edit the Apache configuration file called httpd.conf (it's typically in /etc/httpd folder) and add the following 3 directives to the section
- SSLCertificateFile /usr/local/ssl/crt/public.crt
- SSLCertificateKeyFile /usr/local/ssl/private/private.key
- SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
apachectl configtestThe final step is to restart the Apache webserver.
Example of server configuration
Here is a typical example of a server configuration in an httpd.conf file.
Is everything alright? Check the certificate installation in our simple tool. For more information read the article Check installation of TLS certificate.