SSL Certificates

• Apache SSL
• OpenSSL
• Security
• VeriSign Certificates

• Apache: create self-signed certificates
• Check SSL Certificate
• SSL Server Test - Check security of SSL

These are the steps involved in generating an SSL certificate to be validated by an SSL provider:

Create a private key to be used only by that server:

openssl genrsa -out /etc/ssl/private/private.key 2048

Create a new CSR (Certificate Signing Request) file using the RSA private key.

When creating the CSR, you will need to populate the local information. For Common Name, use the domain name to be validated. For a wildcard domain, use *.domain.com. For a single hostname, use www.domain.com

openssl req -new -key /etc/ssl/private/private.key -out /etc/ssl/certs/domain.com.csr

Namecheap will ask for the newly generated CSR file.

Once you give them the file, they will ask for an email address to verify the SSL certificate creation with. They will pull a list of possible e-mail addresses to use. The recipient will receive a link to validate the creation of the SSL certificate. The process cannot be completed until they have validated, so make sure to send it to someone who will receive the email.

Once the order is validated, you will get an email from Namecheap with two files: the certificate, and the CA bundle.

Save the certificate to /etc/ssl/certs/domain.com.crt

Save the Certficate Authority bundle to /etc/ssl/certs/domain.com.cabundle