Thursday, October 14, 2010

Create and install new certificate using "openssl" for a Secure Apache web server

1. Assume xyz is the company and supplychain.xyz.com is the website.
2. Change to the SSL directory (use the appropriate directory for your company)
cd /etc/apache2/ssl.key
3. Create the key for the server
# openssl genrsa -out supplychain.xyz.com-server.key 2048
4. Create a certificate signing request in the following directory (use the appropriate directory for your company)
cd /etc/apache2/ssl.csr
# openssl req -new -key /etc/apache2/ssl.key/supplychain.xyz.com-server.key -out supplychain.xyz.com.csr

It will prompt for the following values:
Country Name: US
State or Province Name: Kentucky
Locality Name: Louisville
Organization Name: XYZ LLC
Organizational Unit Name: eBusiness Services
Common Name: supplychain.xyz.com
5. Check the request contents by using “openssl req -text -noout -verify -in supplychain.xyz.com.csr”

6. Send the CSR file to the vendor to get the new certificate
7. When the CA provides the certificate, rename it to supplychain.crt
8. Copy this file to the following directory: /etc/apache2/ssl.crt
9. Change group membership to apache with “chgrp apache supplychain.crt”
10. Edit the following file:
/etc/apache2/vhosts.d/supplychain-ssl.conf

SSLEngine on

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate' under
# built time.
SSLCertificateFile /etc/apache2/ssl.crt/supplychain.crt

# Point SSLCertificateKeyFile at the private key.
SSLCertificateKeyFile /etc/apache2/ssl.key/supplychain.xyz.com-server.key

# If your CA tells you that you need the Intermediate or Root
# certificate, install and specify it as here:
# (In our case there is no need to change it.)
SSLCACertificateFile /etc/apache/ssl.crt/ca-bundle.crt

11. Restart Apache if needed
/etc/init.d/apache2 restart
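
Before the restart in step 11, it helps to confirm that the certificate returned by the CA carries the same public key as the server key from step 3, and that the key file is not group or world readable. The script below is an added example, not part of the original post: the helper names (pubkey_of, same_pubkey, key_is_private) and the temporary file names are made up for illustration, and a self-signed certificate stands in for the CA-issued one.

```shell
#!/bin/sh
# Added example: checks to run before pointing SSLCertificateFile and
# SSLCertificateKeyFile at a new pair. All file names below are constructed.

# Print the PEM public key held by a private key, CSR or certificate.
pubkey_of() {   # $1 = key|csr|cert   $2 = file
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files carry the same public key.
same_pubkey() { # $1 type  $2 file  $3 type  $4 file
    a=$(pubkey_of "$1" "$2") || return 1
    b=$(pubkey_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the key file has no group or world permission bits.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Constructed demo in a temp directory; the self-signed certificate stands
# in for the one a CA would return for the CSR.
demo() {
    d=$(mktemp -d) || return 1
    subj="/C=US/ST=Kentucky/L=Louisville/O=XYZ LLC/OU=eBusiness Services/CN=supplychain.xyz.com"
    ( umask 077; openssl genrsa -out "$d/server.key" 2048 2>/dev/null )
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "$subj" -out "$d/server.csr"
    openssl x509 -req -in "$d/server.csr" -signkey "$d/server.key" \
        -days 1 -out "$d/server.crt" 2>/dev/null
    rc=0
    same_pubkey key "$d/server.key" csr  "$d/server.csr" || rc=1
    same_pubkey key "$d/server.key" cert "$d/server.crt" || rc=1
    same_pubkey key "$d/other.key"  cert "$d/server.crt" && rc=1  # must differ
    key_is_private "$d/server.key" || rc=1
    rm -rf "$d"
    return $rc
}

if demo; then echo "all checks passed"; else echo "check failed"; fi
```

On the real server the same functions can be called with the paths from steps 3, 4 and 8 in place of the temporary files.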
