Generating a CSR using Apache OpenSSL
The below instructions may be useful if you run your own server array:- Use the SSH terminal client to log into the server
- At the prompt, type ‘openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr’ where “server” is the name of the server.
- Open the CSR file with a text editor and copy and paste it (including the BEGIN and END tags) into the DigiCert Certificate order form.
Installing an SSL on a third party Apache server
Once you have generated the CSR, you will need to download the intermediate certificate from the provider. (See the links below). Once you have done this, please follow the steps below:For Apache OpenSSL
- Copy your SSL certificate from the order fulfillment email or log into your GlobalSign Certificate Center account and download it. Paste it into a text editor. Save as “mydomain.pem.”
- Copy “mydomain.crt” and “intermediate.pem” to the directory in which you plan to store your certificates.
- Open your “httpd.conf” file with a text editor. Please note that some installations keep the SSL section separately in the “ssl.conf file.” Locate the virtual host section for the site that the SSL certificate will secure.
Your virtual host section will need to contain the following directives.
- SSLCertificateChainFile – This will need to point to the appropriate intermediate root CA certificates.
- SSLCertificateFile – This will need to point to the end entity certificate. This is the certificate you have named “mydomain.crt.”
- SSLCertificateKeyFile – This will need to point to the private key file associated with your certificate. 4.Save the changes to the file and quit the text editor.
- Restart Apache
For Apache v2.x
- Download the appropriate root certificate and save it in a text editor as “gs_root.pem.”
- Download the appropriate intermediate certificate(s) and save it in a text editor as “intermediate.pem”.
- Copy your SSL certificate from the order fulfillment e-mail or log into your GlobalSign Certificate Center account and download it. Paste it into a text editor. Save the file as “mydomain.crt.”
- Copy “mydomain.crt” and “intermediate.pem” to the directory in which you plan to store your certificates.
- Open your “httpd.conf” file with a text editor. Please note that some installations keep the SSL section separately in the “ssl.conf” file. Locate the the virtual host section for the site that the SSL certificate will secure.
- SSLCACertificateFile – This will need to point to the appropriate GlobalSign root CA certificate.
- SSLCertificateChainFile – This will need to point to the appropriate intermediate root CA certificates you previously created in Step 1 above.
- SSLCertificateFile – This will need to point to the end entity certificate. This is the certificate you have called “mydomain.crt.”
- SSLCertificateKeyFile – This will need to point to the private key file associated with your certificate.
- Save the changes to the file. Quit the text editor.
- Restart Apache.