...
```bash
su bhitch # Use a sudo enabled account.
cd ~
mkdir private
chmod -R 700 ./private
cd private
openssl genrsa -out www.earth.com_server.pem.base64.key 2048
```
The openssl command reads,
...
```bash
openssl req -new -key www.earth.com_server.pem.base64.key -out www.earth.com_server.pem.base64.csr
```
You will be prompted to enter information about the certificate. The values should reflect your organization.
...
```bash
openssl req -in www.earth.com_server.pem.base64.csr -noout -text
```
Submit Public Key to CA
...
```
www.earth.com_server.pem.base64.crt
```
Warning: Provide a sub-page to explain the CA signing process as an example.
...
```bash
mv sub.class1.server.ca.pem StartCom_Class_1_Primary_Intermediate_Server_CA_base64.pem.crt
```
Concatenating Chain Certificates
...
```bash
sudo cp www.earth.com.base64.pem.crt /etc/ssl/certs
sudo chown root:root /etc/ssl/certs/www.earth.com.base64.pem.crt
```
Note: The above chown root:root command ensures the signed public key is protected. Also, if you are using a user other than root to start Apache, then adjust the file ownership to that user.
...
```bash
# Copy under the name the chmod/chown lines below operate on.
sudo cp www.earth.com_server.key /etc/ssl/private/www.earth.com_server.base64.pem.key
sudo chmod 400 /etc/ssl/private/www.earth.com_server.base64.pem.key # The file should only be readable by the owner
sudo chown root:ssl-cert /etc/ssl/private/www.earth.com_server.base64.pem.key # Make the user starting Apache the owner, in this case it is root.
```
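Before reloading Apache it is worth confirming that the CSR and the signed certificate carry the public key of the private key generated in the first step, and that the installed key grants nothing to group or others. The checks below are an added example, not part of the original page; the function names are hypothetical, and the sample files (with a self-signed certificate standing in for the CA-signed one) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the PEM public key contained in a private key, CSR or certificate.
pubkey_of() {
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac
}

# matches_key <key-file> <csr|crt> <file>
# Succeeds only if <file> carries the same public key as the private key.
matches_key() (
    a=$(pubkey_of key "$1" 2>/dev/null) || exit 2
    b=$(pubkey_of "$2" "$3" 2>/dev/null) || exit 2
    [ -n "$a" ] && [ "$a" = "$b" ]
)

# Succeeds only if the key file grants nothing to group or others (e.g. 400).
key_perms_ok() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample data: two throwaway keys, plus a CSR and a self-signed
# certificate made from the first key. Prints the temp directory holding them.
make_sample() (
    d=$(mktemp -d) && cd "$d" || exit 1
    openssl genrsa -out a.key 2048 2>/dev/null
    openssl genrsa -out b.key 2048 2>/dev/null
    openssl req -new -key a.key -subj "/CN=www.earth.com" -out a.csr 2>/dev/null
    openssl req -new -x509 -key a.key -subj "/CN=www.earth.com" -days 1 \
        -out a.crt 2>/dev/null
    chmod 400 a.key   # as the page does for the installed key
    chmod 644 b.key   # deliberately too open
    echo "$d"
)

# Usage against the page's installed files, run as root:
#   matches_key /etc/ssl/private/www.earth.com_server.base64.pem.key crt \
#       /etc/ssl/certs/www.earth.com.base64.pem.crt
#   key_perms_ok /etc/ssl/private/www.earth.com_server.base64.pem.key
```

A non-zero status from `matches_key` means Apache would be handed a certificate that does not belong to the key, which normally shows up only as a startup failure.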
...