Steps for obtaining your own SSL Certificate:
1) SSH or telnet to your server (SSH is preferable, since telnet sends your login and everything you type unencrypted).
2) Make a directory for the SSL keys:
mkdir ~/ssl
and go to that directory (where the CSR, Cert and PrivateKey are to be stored):
cd ~/ssl
3) Issue the command:
openssl req -new > ssl.csr
4) Make entries as requested. Remember your pass phrase (write it down if need be); it must be 4 letters or longer. Spell out the State/Province name. Organization Name is your Company name. Unit name (like IT, or Web) is the division of the company doing the Web/SSL work. Remember that "COMMON NAME" refers to the domain name that you want shown on the Cert and that you will use when accessing your site using SSL (i.e. domain.com OR www.domain.com OR cname.domain.com OR *.domain.com). Email address is the address you want the signing company to send renewal and update notices to. Just leave the challenge password and optional company name blank unless the signing company needs something specific filled in for them.
5) The CSR is now in a file called ssl.csr in this directory (~/ssl/ssl.csr). Because you can use this CSR to make renewals to your Cert in years to come, you might want to make a backup to your PC. You will need to cut and paste the CSR into a webpage when ordering your Cert from your signing company, so just run the following command to display your CSR:
more ssl.csr
Cut and paste everything shown, including the "BEGIN" and "END" lines and all the dashes.
6) The server has put the Private Key that goes with the CSR into a file called privkey.pem (which will be overwritten if you re-run the openssl command above).
7) The CSR you generated can now be used to obtain an SSL Cert from a signing company. Follow the directions on the signing company's site (see verisign.com and thawte.com for the major signing companies).
8) Once you have the Cert, copy it to your server as ~/ssl/ssl.cert (if using ftp, make sure NOT to upload in Binary; that will cause problems).
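9) Now you will need to prepare the Private Key for use with the new Cert. Simply run this command:
openssl rsa -in privkey.pem -out ssl.pk
The pass phrase is the one you input in step 4. The resulting ssl.pk is written without pass phrase protection, so keep that file readable only by you.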
10) You are now set to load the SSL keys into the Apache Web Server's memory. Run the following commands:
sslctrl installpkey < ssl.pk
sslctrl installcert < ssl.cert
sslctrl installcsr < ssl.csr
sslctrl enable
11) Check/test your website to see if the correct information is given for your SSL Cert. Go to https://yourdomain.com and check the SSL Cert information (click the lock symbol on your browser and select view details). It should no longer list *.securesites.com as the owner of the Cert, but instead it should show your domain.
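The checks below can be run on ~/ssl before the sslctrl commands in step 10, to catch a damaged upload, a key that still has its pass phrase, or a Cert that does not belong to your key. This is an added example, not part of the original instructions: the file names are the ones used above, the function names are hypothetical, RSA keys are assumed, and it assumes sslctrl expects the pass-phrase-free key produced in step 9.

```shell
#!/bin/sh
# Added example: sanity checks on ~/ssl before the sslctrl commands in step 10.
# File names come from the steps above; function names are hypothetical. Assumes RSA keys.

pem_kind() {         # label of the first PEM "BEGIN" line in FILE
    sed -n 's/^-----BEGIN \(.*\)-----.*$/\1/p' "$1" | head -n 1
}
has_crlf() {         # true if any line ends in CR (file transfer damage)
    grep -q "$(printf '\r')\$" "$1"
}
key_is_encrypted() { # true if the key file still needs a pass phrase
    grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"
}
others_can_read() {  # true if group or world has read permission on FILE
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}
modulus_of() {       # RSA modulus of FILE; KIND is rsa, req or x509
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null
}

check_ssl_dir() {    # returns 0 only if every check passes
    dir=$1; rc=0
    for f in ssl.csr ssl.cert ssl.pk; do
        if [ ! -r "$dir/$f" ]; then echo "missing: $f"; return 1; fi
        if has_crlf "$dir/$f"; then echo "$f: CRLF line endings"; rc=1; fi
    done
    case $(pem_kind "$dir/ssl.csr") in
        *"CERTIFICATE REQUEST") ;;
        *) echo "ssl.csr: not a CSR"; rc=1 ;;
    esac
    if [ "$(pem_kind "$dir/ssl.cert")" != CERTIFICATE ]; then echo "ssl.cert: not a certificate"; rc=1; fi
    case $(pem_kind "$dir/ssl.pk") in
        *"PRIVATE KEY") ;;
        *) echo "ssl.pk: not a private key"; rc=1 ;;
    esac
    if key_is_encrypted "$dir/ssl.pk"; then echo "ssl.pk: still pass-phrase protected"; rc=1; fi
    if others_can_read "$dir/ssl.pk"; then echo "ssl.pk: readable by group/others"; rc=1; fi
    # Compare moduli only once the files look sane, so openssl never prompts.
    if [ "$rc" -eq 0 ] && command -v openssl >/dev/null 2>&1; then
        key=$(modulus_of rsa "$dir/ssl.pk")
        if [ -z "$key" ] || [ "$key" != "$(modulus_of x509 "$dir/ssl.cert")" ] ||
           [ "$key" != "$(modulus_of req "$dir/ssl.csr")" ]; then
            echo "key, cert and CSR do not share one key pair"; rc=1
        fi
    fi
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then check_ssl_dir "${2:-$HOME/ssl}"; fi
```

Saved as a script, it is run with `--check ~/ssl`; it prints one line per problem and exits non-zero if any check fails.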