Within the Openssl-0.9.3a directory are the tools needed to generate keys for a secure web server.
./apps/openssl genrsa -des3 -out server.key 1024
./apps/openssl rsa -noout -text -in server.key
./apps/openssl req -new -key server.key -out server.csr
You will be asked a series of short questions.
It is essential that you enter the domain name of the SSL server for the Common Name.
For example, for http://safe.mydomain.com you would enter safe.mydomain.com.
You can see the details of this CSR via the command:
./apps/openssl req -noout -text -in server.csr
Go to this section of Thawte's website.
Click on Reseller Home Page which appears on the left frame of the page.
Enter in the appropriate username and password.
Once you are in, click on Buy a Server Certificate.
You are then asked a few simple questions - make sure you choose the correct web server you intend the certificate to run on.
Also make sure that you enter exactly the same domain name that you specified when you created the server.csr file (above).
Cut and paste the contents of the server.csr file into the box, making sure you include the BEGIN and END taglines before and after the encoded request.
Configuring Apache for SSL
Once you have received the certificate from Thawte (this takes several days), save it to server.crt and copy server.key (from above) into the same directory.
Apache/1.3.9 (Unix) mod_perl/1.21 mod_ssl/2.4.9 OpenSSL/0.9.4 configured
This page describes how to set Apache up for this.
Backup your current httpd and apachectl first!
Copy these files over to your site's bin directory and edit them, as described below:
It is advised that you add/replace these lines to the configuration section:
ROOT=/usr/apache/httpd-[site]
HTTPD="/usr/apache/httpd-[site]/bin/httpd -d $ROOT -DSSL"
In the httpd.conf file, point the following variables to the right locations for the .key and .crt files:
# private key generated above (Apache does not allow a comment on the same line as a directive)
SSLCertificateKeyFile /usr/apache/httpd-[site]/conf/server.key
# certificate received from Thawte
SSLCertificateFile /usr/apache/httpd-[site]/conf/server.crt
Restart the server using /usr/apache/httpd-[site]/apachectl stop and then start
Afra Ahmad 1999
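Before restarting Apache it is worth confirming that server.key, server.csr and server.crt belong together and that the certificate is valid for the host name entered as the Common Name. The script below is an added example, not part of the original page: the function names are hypothetical, and it assumes a current `openssl` binary on the PATH rather than ./apps/openssl, because the `-checkhost` option does not exist in the 0.9.x releases used above.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumes a current `openssl` on PATH; -checkhost does not exist in 0.9.x.

# Print the RSA modulus of a private key (rsa), CSR (req) or certificate (x509).
modulus() {  # $1 = rsa|req|x509, $2 = file
    out=$(openssl "$1" -noout -modulus -in "$2") || return 1
    [ -n "$out" ] && printf '%s\n' "$out"
}

# Succeed only if both files parse and carry the same modulus.
key_matches() {  # $1 = private key, $2 = req|x509, $3 = CSR or certificate
    k=$(modulus rsa "$1") || { echo "cannot read key $1" >&2; return 2; }
    o=$(modulus "$2" "$3") || { echo "cannot read $3" >&2; return 2; }
    [ "$k" = "$o" ]
}

# Succeed only if the certificate is valid for the given host name.
cert_names_host() {  # $1 = certificate, $2 = host name
    openssl x509 -noout -checkhost "$2" -in "$1" | grep -q 'does match'
}

# Run all three checks on the files this page creates.
check_server_files() {  # $1 = key, $2 = CSR, $3 = certificate, $4 = host name
    key_matches "$1" req "$2" || { echo "FAIL: $2 was not made from $1"; return 1; }
    key_matches "$1" x509 "$3" || { echo "FAIL: $3 does not belong to $1"; return 1; }
    cert_names_host "$3" "$4" || { echo "FAIL: $3 is not valid for $4"; return 1; }
    echo "OK: $1, $2 and $3 agree and are valid for $4"
}

# Constructed demo input: throwaway key, CSR and self-signed certificate.
make_demo_files() {  # $1 = directory, $2 = host name for the Common Name
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr" &&
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
        -days 1 -out "$1/server.crt" 2>/dev/null
}

# Usage: check_server_files server.key server.csr server.crt safe.mydomain.com
```

With the pass-phrase-protected key generated by `genrsa -des3` above, openssl prompts for the pass phrase each time the script reads server.key.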