Apache SSL CSR Generation and Installation Instructions

This document provides instructions for generating a key pair and CSR for an Apache SSL server.


Apache and OpenSSL

You will need to make sure that you have OpenSSL installed on your Web Server.

If your server is *nix or Linux, you can get OpenSSL from: http://www.openssl.org/source/

If your server is running Windows, you can download OpenSSL + ModSSL from: http://www.modssl.org/contrib/

Please view the documentation on these sites for instructions on how to install OpenSSL onto your web servers.


Generating a Key Pair using OpenSSL
Go into the directory that you are going to generate your key pairs in.


For example: /usr/local/apache/ssl.certs/


And then run the following command:


openssl req -new -nodes -keyout private.key -out public.csr


From here OpenSSL will ask you a series of questions that you will need to answer. Make sure that this information is correct for the organization that the certificate will represent. Make sure that you type in the full state name, not the abbreviation. View the screenshot below to see an example.


Example 1.  Make sure that you type in the full state, not the abbreviation.


You will notice that in my example, I created a private key named private.key and a certificate signing request (CSR), which carries the public key, named public.csr.

Your private key is not encrypted!
Run the following command to encrypt your private key with a passphrase.


openssl rsa -in private.key -des3 -out secureprivate.key


You will also want to make the file readable only by the administrative account (*nix).


chmod 400 secureprivate.key


Example 2.


You can now remove the unencrypted private key file from your server.

You have now created the key pair that you will use for your server. You can now go to the Enrollment page and use the CSR that you created. To copy it, open the file in a text editor that does not add extra characters (Notepad or Vi will work fine).
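
Before submitting the CSR, it is worth confirming that the files produced by the steps above are in the state this document describes. The script below is an added example, not part of the original instructions; the function name check_key_and_csr and the KEY_PASS environment variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: sanity checks for the key and CSR created above.
# Usage: KEY_PASS='your passphrase' sh check_csr.sh secureprivate.key public.csr
# KEY_PASS is an assumed variable name; if it is unset, openssl prompts instead.

check_key_and_csr() {
    key=$1; csr=$2; fail=0

    # 1. The key must be passphrase-protected. Both PEM forms OpenSSL writes
    #    ("Proc-Type: 4,ENCRYPTED" and "BEGIN ENCRYPTED PRIVATE KEY") contain
    #    the word ENCRYPTED; an unprotected key does not.
    if grep -q 'ENCRYPTED' "$key"; then echo "ok:   key is encrypted"
    else echo "FAIL: key is stored unencrypted"; fail=1; fi

    # 2. The mode must be exactly 400 (owner read-only), as set by chmod 400.
    if [ "$(ls -ld "$key" | cut -c1-10)" = "-r--------" ]; then
        echo "ok:   key mode is 400"
    else echo "FAIL: key mode is not 400"; fail=1; fi

    # 3. The CSR's self-signature must verify (catches truncation or edits).
    #    The message is matched because older OpenSSL exits 0 even on failure.
    if openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "ok:   CSR signature verifies"
    else echo "FAIL: CSR signature does not verify"; fail=1; fi

    # 4. The public key inside the CSR must belong to this private key.
    if [ -n "${KEY_PASS+set}" ]; then passin="-passin env:KEY_PASS"; else passin=""; fi
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout $passin 2>/dev/null)
    if [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]; then
        echo "ok:   CSR matches the private key"
    else echo "FAIL: CSR does not match the private key"; fail=1; fi

    return $fail
}

# Run the checks only when a key file and a CSR file are given as arguments.
if [ "$#" -eq 2 ]; then check_key_and_csr "$1" "$2"; fi
```

The function returns 0 only when all four checks pass, so it can gate the removal of the unencrypted private.key.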