CSR and SSL for Apache
1. Create the CSR based on the https://www.digicert.com/kb/csr-ssl-installation/apache-openssl.htm
you'll get the private key file and the csr file like
openssl req -new -newkey rsa:2048 -nodes -out www_auspix_com.csr -keyout www_auspix_com.key -subj "/C=CA/ST=Ontario/L=Toronto/O=Peter/OU=Test/CN=www.auspix.com"
www_auspix_com.key
www_auspix_com.csr
2. Order Your SSL/TLS Certificate
You'll get the intermediate (DigiCertCA.crt) and your primary certificate (your_domain_name.crt) file.
3. Configure Apache
<VirtualHost 192.168.0.1:443> DocumentRoot /var/www/html2 ServerName www.yourdomain.com SSLEngine on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCertificateChainFile /path/to/DigiCertCA.crt </VirtualHost>
4. Restart and Verify from the browser
https://www.venafi.com/blog/what-difference-between-root-certificates-and-intermediate-certificates
- Root Certificate. A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It comes pre-downloaded in most browsers and is stored in what is called a “trust store.” The root certificates are closely guarded by CAs.
- Intermediate Certificate. Intermediate certificates branch off root certificates like branches of trees. They act as middle-men between the protected root certificates and the server certificates issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one.
- Server Certificate. The server certificate is the one issued to the specific domain the user is needing coverage for.
No comments:
Post a Comment