Chat with us, powered by LiveChat
Generate csr and install SSL through shell

Generate csr and install SSL through shell

You can generate a csr through the shell using the following command:
[email protected][/]# /scripts/gencsr
NOTE: You must have a Dedicated Hosting, Cloud Hosting or Cheap VPS Hosting to go about making changes using SSH.

This will ask you all the information like email address, domain name, country code, City, Company etc; fill the values and it generates a csr certificate and a private key.Use the following steps to install an ssl certificate:

Please check the domain name for which the ssl certificate is issued means www.domainname.com or domainname.com. Suppose you have to install an ssl certificate for domainname.com. You already generate csr for the domainname.com. Check following steps.

1)
Go to directory /usr/share/ssl/certs

[email protected][/]# cd /usr/share/ssl/certs

Please check domainname.com.csr file is present already.

[email protected][/usr/share/ssl/certs]# ls –l | grep domainname.com.csr

Create the .crt file and paste the ssl certificate into a .crt file as per below

[email protected] [/usr/share/ssl/certs]# vi domainname.com.crt

paste ssl certificate
save the file.

If cabundle is provided by the client then add it in the domainname.com.cabundle file under the directory /usr/share/ssl/certs

[email protected] [/usr/share/ssl/certs]# vi domainname.com.cabundle

paste the cabundle key and save the file.

2)

Go to directory /usr/share/ssl/private and check to see if the file domainname.com.key is already present.

[email protected][/]# cd /usr/share/ssl/private
[email protected][/usr/share/ssl/private]# ls –l | grep domainname.com.key

3)
Go to the file /etc/httpd/conf/httpd.conf and copy the virtual host entry for the domainname.com in notepad and add the following line above the end of the tag

SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domainname.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domainname.com.key
SSLCACertificateFile /usr/share/ssl/certs/domainname.com.cabundle
SSLLogFile /usr/local/apache/domlogs/shop.discdudes.com-ssl_data_log
SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown

Add the following line above the virtual host entry.

add the following line at the end of the virtualhost tag.

Now your sslVH entry should look like as per below. Please check the sample sslVH entry.

ServerAlias domainname.com
ServerAdmin [email protected]
DocumentRoot /home/username/public_html
BytesLog domlogs/domainname.com-bytes_log
ServerName domainname.com

User username
Group username

CustomLog /usr/local/apache/domlogs/domainname.com combined
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/

SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domainname.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domainname.com.key
SSLCACertificateFile /usr/share/ssl/certs/domainname.com.cabundle
SSLLogFile /usr/local/apache/domlogs/shop.discdudes.com-ssl_data_log
SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown

4)
If cabundle is not given by the client then remove the following line from the sslVH entry

SSLCACertificateFile /usr/share/ssl/certs/domainname.com.cabundle

5)
Add the sslVH entry in httpd.conf file and restart the httpd service.

Now you are able to access site https://domainname.com

Please check the file paths are correctly specified for .crt, .key and .cabundle file. If the file paths are incorrect in the sslVH entry then the httpd service won’t started.

Sharing

Leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.