You are looking for A-Z instructions, what i am doing here is to show you how to install a godaddy or starfield certificate to a website on apache server on a debian system, if you want the instructions to issue the certificate yourself (self signed certificate), i have covered that in another post, you can adopt this to the system of your choice, here i will explain what i am doing too so that you can adapt it to other systems<\/p>\n
Note that you need a dedicated IP address for every website \/ certificate.
\nI have apache already installed on debian squeeze and running a website with no SSL<\/p>\n
1- Before we begin, you may want to execute<\/p>\n
apt-get update<\/pre>\n2- Install openSSL, on debian this is done with<\/p>\n
apt-get install openssl ssl-cert<\/pre>\n3-Create a directory for the keys<\/p>\n
mkdir \/etc\/apache2\/sslkeys<\/pre>\n4- Creating a PRIVATE key (Give to no one)<\/p>\n
Before executing this command
\nYou will be asked to chose a password and enter it twice, please keep this password on a paper close to you since we will need this password to decrypt this key in the following steps, this password is important during this process, no longer important after that.<\/p>\nopenssl genrsa -des3 -out \/etc\/apache2\/sslkeys\/server.key 2048<\/pre>\n5- Create a signing request to give to godaddy or starfieldtech
\nBefore executing this command, remember that from the questions you will face, the only one that is TEHNICALLY IMPORTANT IS to use the common name<\/strong> example.com (not www.example.com), unless it is a subdomain other than www you can use subname.example.com, all other fields you should answer as you would like them to appear to people, but the certificate will not work with an incorrect common name<\/strong><\/p>\nopenssl req -new -key \/etc\/apache2\/sslkeys\/server.key -out \/etc\/apache2\/sslkeys\/server.csr<\/pre>\nNOTE: we could have created a signing request and a private key in one go with <\/p>\n
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr<\/pre>\nBut we chose to not do that because this tutorial aims to show you the exact steps and what they do<\/p>\n
6- Now, we have a secure signing request, all we need to do is give that to the issuing authority so that they can give us a signed public key<\/p>\n