CSR Support

 

Apache-SSLeay-Open SSL

Key and CSR Generation

1.     The utility openssl that you use to generate the key and CSR comes with OpenSSL and is usually installed under /usr/local/ssl/bin. Select five large and relatively random files from your hard drive (compressed log files are a good start). These will act as your random seed enhancers. We refer to them as file1:...:file5 below.

2.     Go to your SSL directory  cd /usr/local/ssl/private

3.    Generate a private key: openssl genrsa -des3 -rand file1:...:file5 1024 > www.xxx.com.key

Note: PLEASE backup your www.xxx.com.key and make a note of the passphrase

4.     Go to your certs directory  cd /usr/local/ssl/certs

5.     Generate a CSR from your key: openssl req -new -key ../private/www.xxx.com.key > www.xxx.com.csr

 


 CSR installation

 

Installing a Server Certificate using Apache-SSL/OpenSSL


  1. IPSCA will send your Server Certificate via e-mail. You will also require an intermediate certificate available here . Each certificate will look something like the following: 
          -----BEGIN CERTIFICATE-----
      JIEBSDSCEXoCHQEwLQMJSoZILvoNVQECSQAwcSETMRkOAMUTBhMuVrM
      mIoAnBdNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYDVQ 
      QLExNQZXJzb25hIENlcnRpZmljYXRlMSQwIgYDVQQDExtPcGVuIE1hc
      mtldCBUZXN0IFNlcnZlciAxMTAwHhcNOTUwNzE5MjAyNzMwWhcNOTYw
      NTE0MjAyOTEwWjBzMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIER
      hdGEgU2VjdXJpdHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydG
      lmaWNhdGUxJDAiBgNVBAMTG09wZW4gTWFya2V0IFRlc3QgU2VydmVyI
      DExMDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDU/7lrgR6vkVNX40BA
      q1poGdSmGkD1iN3sEPfSTGxNJXY58XH3JoZ4nrF7mIfvpghNi1taYim
      vhbBPNqYe4yLPAgMBAAEwDQYJKoZIhvcNAQECBQADQQBqyCpws9EaAj
      KKAefuNP+z+8NY8khckgyHN2LLpfhv+iP8m+bF66HNDUlFz8ZrVOu3W 
      QapgLPV90kIskNKXX3a 
      -----END CERTIFICATE-----
  2. Copy the server certificate, including the begin certificate and end certificate lines into a text editor such as Notepad (do not use Word or another word processing program.) Make sure that the certificate appears as formatted above. In other words, make sure that the begin certificate and end certificate lines are by themselves.

  3. Save the server certificate as a text file with a .crt file extension (e.g. www.yourserver.com.crt) to your OpenSSL certs directory, usually /usr/local/ssl/certs but this may vary depending on your particular configuration.

Step two: Install the Intermediate Certificates

You will need to install the chain certificate (intermediate) in order for browsers to trust your certificate. As well as your SSL certificate ( yourdomainname.crt) two other certificates, named IPSSERVIDORES.crt and ipsCACLASEA1.crt , they are also attached to the email from ipsCA. Apache users will not require these certificates. Instead you can install the intermediate certificates using a 'bundle' method IPS-IPSCABUNDLE.crt.

In the Virtual Host settings for your site, in the httpd.conf file, you will need to add the following SSL directives.This may be achieved by:

1. Copy IPS-IPSCABUNDLE.crt to the same directory as httpd.conf (this contains all of the ca certificates in the ipsCA chain).

2. Add the following line to httpd.conf (assuming /etc/httpd/conf is the directory mentioned in 1.), if the line already exists amend it to read the following:

SSLCACertificateFile /usr/local/ssl/private/IPS-IPSCABUNDLE.crt

If you are using a different location and certificate file names you will need to change the path and filename to reflect your server.

The SSL section of the updated httpd config file should now read similar to this example (depending on your naming and directories used):

SSLCertificateKeyFile /usr/local/ssl/certs/www.yourserver.com.key SSLCertificateFile /usr/local/ssl/private/www.yourserver.com.crt SSLCACertificateFile /usr/local/ssl/private/IPS-IPSCABUNDLE.crt

Save your httpd.conf file and restart. You can most likely do so by using the apachectl script:

Restart your Server

You are now all set to start using your ipsCA certificate with your apache-SSLeay

 

 
© 1996 - 2007 ipsCA, IPS Certification Authority, S.L. all Rights reserved.
Our CPS summarized or complete, CRLs, Root Certificates and legal documents
  can be found in our repository
Read our  Privacy Policy and Terms of Use