SMALL BUSINESSABOUT MELBOURNE IT

External hosting SSL Setup

Suggest Edits

If your domain is hosted elsewhere, you can still purchase an SSL from Melbourne IT and set it up on your server. The guide below is intended to help you with setting up an SSL on a third party server. While we have made every effort to make this guide both comprehensive and concise, because we will not have access to the server itself in the way we would if it were ours, there may be occasions when you need to ask the host from whom you hire the server space for clarification. This is only likely, however, if they are running an unusual server configuration.

Most hosts will, like Melbourne IT, provide a front-end user interface. There should be an option marked “SSL” and within this, an option to generate a CSR. When you select this, you will be asked to enter some details about the company – it’s important to note that these must match the details visible in the public whois lookup.

You will now see a block of text beginning with “---BEGIN CERTIFICATE REQUEST---“ and ending with “---END CERTIFICATE REQUEST---“. This is your CSR.

This is pasted into the enrollment email you receive from the certificate provider and sent back to them. They will then validate your CSR (see article), after which you will receive a email from the certificate provider asking you to give final confirmation to the certificate.

Once this is done, you will receive an email (usually to the technical contact address of your domain) containing the actual certificate. When you receive this, log into your hosting controls and look for a link to “Install SSL”. This will usually be in the same area as the “Generate CSR” link.

Generating a CSR using Apache OpenSSL

The below instructions may be useful if you run your own server array:

  1. Use the SSH terminal client to log into the server
  2. At the prompt, type 'openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr' where “server” is the name of the server.

Entering this command will begin the process of generating two files: your “private key” file for the decryption of your SSL, and the CSR (Certificate signing request).

When you are prompted for the Common Name (domain name), enter the fully qualified domain name for the site you are securing. If you are generating an Apache CSR for a Wildcard SSL Certificate your common name should start with an asterisk (such as *.example.com).

You will then be prompted for your organisational information, beginning with geographic information. There may be default information set already.

3. Open the CSR file with a text editor and copy and paste it (including the BEGIN and END tags) into the DigiCert Certificate order form.

4.Save (backup) the generated .key file as it will be required later for Certificate installation.

Installing an SSL on a third party Apache server

Once you have generated the CSR, you will need to download the intermediate certificate from the provider. (See the links below). Once you have done this, please follow the steps below:

For Apache OpenSSL

  1. Copy your SSL certificate from the order fulfillment email or log into your GlobalSign Certificate Center account and download it. Paste it into a text editor. Save as "mydomain.pem."
  2. Copy "mydomain.crt" and "intermediate.pem" to the directory in which you plan to store your certificates.
  3. Open your "httpd.conf" file with a text editor. Please note that some installations keep the SSL section separately in the "ssl.conf file." Locate the virtual host section for the site that the SSL certificate will secure.

Your virtual host section will need to contain the following directives.

  • SSLCertificateChainFile – This will need to point to the appropriate intermediate root CA certificates.

  • SSLCertificateFile – This will need to point to the end entity certificate. This is the certificate you have named “mydomain.crt.”

  • SSLCertificateKeyFile – This will need to point to the private key file associated with your certificate.

    4.Save the changes to the file and quit the text editor.

5. Restart Apache

For Apache v2.x

  1. Download the appropriate root certificate and save it in a text editor as "gs_root.pem."
  2. Download the appropriate intermediate certificate(s) and save it in a text editor as "intermediate.pem".
  3. Copy your SSL certificate from the order fulfillment e-mail or log into your GlobalSign Certificate Center account and download it. Paste it into a text editor. Save the file as "mydomain.crt."
  4. Copy “mydomain.crt” and “intermediate.pem” to the directory in which you plan to store your certificates.
  5. Open your "httpd.conf" file with a text editor. Please note that some installations keep the SSL section separately in the "ssl.conf" file. Locate the the virtual host section for the site that the SSL certificate will secure.

Your virtual host section will need to contain the following directives:

  • SSLCACertificateFile – This will need to point to the appropriate GlobalSign root CA certificate.
  • SSLCertificateChainFile – This will need to point to the appropriate intermediate root CA certificates you previously created in Step 1 above.
  • SSLCertificateFile – This will need to point to the end entity certificate. This is the certificate you have called "mydomain.crt."
  • SSLCertificateKeyFile – This will need to point to the private key file associated with your certificate.
  1. Save the changes to the file. Quit the text editor.
  2. Restart Apache.

Updated 2 months ago