This article will go through the first step of creating and eventually installing an SSL certificate. You'll use the same steps whether you are getting a traditional SSL from an authority like Verisign, a self signed certificate or the '*' Wildcard certificate. Most of the information I'm taking from RapidSSL's support documentation, which is also a great place to buy a certificate. The Rackspace Cloud is not a certificate authority and does not resell SSL certificates so you will need to go to a third party solution and purchase a certificate using this CSR.
What you'll need first is to install Openssl on your server, this is a common package and will be available on all of the major distros through their package installer. Here is how you check to see if it is installed in a "Yum" style system:
# rpm -qa | grep -i openssl
The above command should return the following packages, or something similar:
openssl-0.9.8e-7.el5 openssl-0.9.8e-7.el5 openssl-devel-0.9.8e-7.el5
If it didn't you'll want to run the following:
# yum install openssl openssl-devel
Create a RSA key for your Apache server, since every distro is different in where to place the certificates, we are just going to place it in an arbitrary spot:
# mkdir ~/domain.com.ssl/ # cd ~/domain.com.ssl/
Type the following command to generate a private key.
# openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048
Type the following command to create a CSR with the RSA private key (output will be PEM format):
# openssl req -new -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&
|Common Name||The fully qualified domain name for your web server. This must be an exact match.||If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com. If you plan on getting a Wildcard certificate make sure to prefix your domain with a '*' ex. *.domain.com|
|Organization||The exact legal name of your organization. Do not abbreviate your organization name.||domain.com|
|Organization Unit||Section of the organization||IT|
|City or Locality||The city where your organization is legally located.||Wellesley Hills|
|State or Province||The state or province where your organization is legally located. Can not be abbreviated.||Massachusetts|
|Country||The two-letter ISO abbreviation for your country.||US|
Do not enter extra attributes at the prompt.
# openssl req -noout -text -in ~/domain.com.ssl/domain.com.csr
From this point you have to take your CSR that you created here and submit it to a certificate authority. Ones that we recommend are going to be Verisign, Thawte and RapidSSL. There are also a number of other certificate authorities out there, shop around.
Check out the next article in this line Installing an SSL certificate.
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License