Friday, August 19, 2011

Using SSL Certificate in your web site

1) Generate a key:


$ openssl genrsa -out www.example.com-key 2048

Generating RSA private key, 2048 bit long modulus

2) Generate a Certificate Signing Request (CSR):

$ openssl req -new -key www.example.com-key -out www.example.com-csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:Greater London
Locality Name (eg, city) [Newbury]:London
Organization Name (eg, company) [My Company Ltd]:Acme Websites Ltd.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.example.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

3) Buy a certificate:

You can buy a certificate from VeriSign, Thawte or a similar CA. To do so, go to the website of the Certificate Authority and submit your CSR file (only the CSR; the private key stays on your server).

4) Setup an SSL Vhost:



ServerName "www.example.com"
SSLEngine on
SSLCertificateFile "/etc/httpd/conf/ssl/www.example.com-cert"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/www.example.com-key"
...
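
Before pointing the vhost at the files, it helps to confirm that the certificate returned by the CA belongs to the key from step 1 and that the key file is not readable by other users. The script below is an added example, not part of the original post; its function names are hypothetical, and make_demo builds a throwaway key and a self-signed certificate that stands in for the CA-issued one.

```shell
#!/bin/sh
# Added example: confirm that key, CSR and certificate share one public
# key and that the key file is private. Function names are hypothetical.

# Print the SHA-256 of the public key in a file. $1 = key|csr|cert, $2 = path
pubkey_sha256() {
    case "$1" in
        key)  _pem=$(openssl rsa  -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  _pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$_pem" ] || return 1
    printf '%s\n' "$_pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if all three files carry the same public key.
files_match() {   # $1 = key, $2 = CSR, $3 = certificate
    _k=$(pubkey_sha256 key  "$1") || return 1
    _r=$(pubkey_sha256 csr  "$2") || return 1
    _c=$(pubkey_sha256 cert "$3") || return 1
    [ "$_k" = "$_r" ] && [ "$_k" = "$_c" ]
}

# Succeed only if group and others cannot read the key file.
key_is_private() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Constructed demo material: a throwaway key, a CSR, and a self-signed
# certificate standing in for the one the CA would return.
make_demo() {   # $1 = existing directory
    ( umask 077
      openssl genrsa -out "$1/www.example.com-key" 2048 &&
      openssl req -new -key "$1/www.example.com-key" \
          -subj "/CN=www.example.com" -out "$1/www.example.com-csr" &&
      openssl x509 -req -in "$1/www.example.com-csr" -days 1 \
          -signkey "$1/www.example.com-key" -out "$1/www.example.com-cert"
    ) >/dev/null 2>&1
}

# Usage: check.sh KEY CSR CERT
if [ "$#" -eq 3 ]; then
    files_match "$1" "$2" "$3" || { echo "public keys differ" >&2; exit 1; }
    key_is_private "$1" || { echo "key is group/world readable" >&2; exit 1; }
    echo "ok"
fi
```

A mismatch here means the certificate was issued for a different CSR or the wrong key file was copied into place.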