CSR and SSL for Apache

 CSR and SSL for Apache

1. Create the CSR based on the https://www.digicert.com/kb/csr-ssl-installation/apache-openssl.htm 

you'll get the private key file and the csr file like 

openssl req -new -newkey rsa:2048 -nodes -out www_auspix_com.csr -keyout www_auspix_com.key -subj "/C=CA/ST=Ontario/L=Toronto/O=Peter/OU=Test/CN=www.auspix.com"

www_auspix_com.key

www_auspix_com.csr

2. Order Your SSL/TLS Certificate

You'll get the intermediate (DigiCertCA.crt) and your primary certificate (your_domain_name.crt) file.

3. Configure Apache

<VirtualHost 192.168.0.1:443> DocumentRoot /var/www/html2 ServerName www.yourdomain.com SSLEngine on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCertificateChainFile /path/to/DigiCertCA.crt </VirtualHost>

4. Restart and Verify from the browser

https://www.venafi.com/blog/what-difference-between-root-certificates-and-intermediate-certificates

 

• Root Certificate. A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It comes pre-downloaded in most browsers and is stored in what is called a “trust store.” The root certificates are closely guarded by CAs.
   
• Intermediate Certificate. Intermediate certificates branch off root certificates like branches of trees. They act as middle-men between the protected root certificates and the server certificates issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one.
   
• Server Certificate. The server certificate is the one issued to the specific domain the user is needing coverage for.