Security Certificate

This page describes how to setup a SSL Certificate for a clent. Before starting, you will need the following information:

Within the Openssl-0.9.3a directory are the tools needed to generate keys for a secure web server.

The server.csr file that you created is the key that is to be sent over to Thawte.
Backup the two files: server.csr and server.key .


This section describes how to send over the key, server.csr to Thawte.

Go to this section of Thawte's website. (opens new window)

Click on Reseller Home Page which appears on the left frame of the page.
Enter in the appropriate username and password.

Once you are in, click on Buy a Server Certificate.

You are then asked a few simple questions - make sure you choose the correct web server you intend the certificate to run on.

Also make sure that you enter in the exact domain name as you had specified when you created the server.csr file (above).

Cut and paste the server.csr file into the box - make sure you include the taglines before & after the code.

Configuring Apache for SSL

Once you have recieved the key from Thawte (this takes several days), save this to server.crt and in within in the same directory copy over the server.key (from above).

Getting the right Apache binary

In order to run Apache with SSL, you must have SSL compiled into Apache.
In /usr/ssl_binary is the directory in which you can take the binary httpd and script file apachectl.
The Apache binary, httpd comes pre-compiled with:
Apache/1.3.9 (Unix) mod_perl/1.21 mod_ssl/2.4.9 OpenSSL/0.9.4 configured
This page describes how to set Apache up for this.

Backup your current httpd and apachectl first!

Copy these files over to your site's bin directory and edit them, as described below:

It is advised that you add/replace these lines to the configuration section:

HTTPD="/usr/apache/httpd-[site]/bin/httpd -d $ROOT -DSSL"
In the httpd.conf file, point the following variables to the right locations for the .key and .crt certificates:

SSLCertificateKeyFile /usr/apache/httpd-[site]/conf/server.key # public key
SSLCertificateFile /usr/apache/httpd-[site]/conf/server.crt # key recieved from Thawte

Restart the server using /usr/apache/httpd-[site]/apachectl stop and then start

Afra Ahmad 1999