SSL main server / DA

Ok, found it.
SSL on the server's main domain:



If an Admin wishes to add an SSL certificate on the main server's domain, they must do it manually. To do this, the Admin must obtain the certificate and key (explained in just a moment). After these have been acquired, the Admin will have to edit /etc/httpd/conf/httpd.conf file and scroll to the very bottom. You should see 2 virtual host directives. With the one that says <VirtualHost <yourip>:443> you must modify the SSL tags.


Set:


SSLCertificateFile <full path to certificate>
SSLCertificateKeyFile <full path to key>
and if provided with a CA certificate file ADD the following line
SSLCACertificateFile <full path to CA certificate>

You have a few options when it comes to obtaining the key and certificate. First you can create you own self signed certificate. You can do this by typing the following:


openssl req -new -x509 -days 365 -keyout key.temp -out certificate
openssl rsa -in key.temp -out key.real


The second line is to remove the password from the key so that apache won't hang on bootup waiting for the key password. Those commands will create a self signed certificate (remove the key.temp file after you're done) but if you want to use an authority to sign your certificate (removes the annoying popup), you'll need to create a certificate request:


openssl genrsa 1024 > key.real
openssl req -new -key key.real -out certificate.request


and you send the certificate.request file to to certificate authority to be signed. They will send you a signed certificate which you will install using the apache tags noted above (and you can delete the certificate.request file, it's not needed).

http://www.directadmin.com/technotes.html
 
Back
Top