To make a SSL certificate, we need to generate CSR code first. After that there is a few steps to follow.
Generating a Certificate Signing Request (CSR) using OpenSSL (Apache & mod_ssl, NGINX)
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
You will now be asked to enter details to be entered into your CSR.
Country Name (2 letter code) [AU]: GB State or Province Name (full name) [Some-State]: Yorks Locality Name (eg, city) : York Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd Organizational Unit Name (eg, section) : IT Common Name (eg, YOUR name) : mysubdomain.mydomain.com Email Address :
Use the name of the web-server as Common Name (CN). If the domain name (Common Name) is mydomain.com append the domain to the hostname (use the fully qualified domain name).
- The extracted contents will typically be named: yourDomainName.crt and yourDomainName.ca-bundle
- Move the Private Key that was generated earlier to the ssl.key directory, which is typically found in/etc/ssl/. This must be a directory which only Apache can access.
- Move the yourDomainName.crt and yourDomainName.ca-bundle to the ssl.crt directory, which is typically found in the /etc/ssl/ directory.
Edit Apache SSL configuration
SSLEngine on SSLCertificateKeyFile /etc/ssl/ssl.key/server.key SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle