Obtaining an SSL certificate from a Certificate Authority (CA) for the Apache Server
Perform the following procedure to obtain an SSL certificate from a Certificate Authority (CA) for the Apache server.
Before you begin
Before you begin this procedure, you must set the environment variable appropriate for your operating system:
- (Microsoft Windows) OPENSSL_CONF=C:\Program Files\BMC Software\TrueSight\pw\apache\conf\openssl.cnf
- (UNIX or Linux) LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/pw/apache/lib/
To obtain an SSL certificate from a Certificate Authority (CA) for the Apache server
- Create an RSA private key for your Apache server.
- Access the appropriate directory for your operating system:
- (Microsoft Windows) installationDirectory\pw\apache\bin
- (UNIX or Linux) /usr/pw/apache/openssl/bin
Enter the command appropriate for your operating system to create an RSA private key that is Triple-DES encrypted and PEM formatted:
(Microsoft Windows)
openssl genrsa -des3 -out my-server.key 1024
(UNIX or Linux)
openssl genrsa -des3 -out server.key 1024
Back up the key file that you just created to a secure location, and remember the pass-phrase that you entered. You can see the details of this RSA private key by entering the command appropriate for your operating system:
(Microsoft Windows)
openssl rsa -noout -text -in my-server.key
(UNIX or Linux)
openssl rsa -noout -text -in server.key
Run the following command to remove the passphrase from the key:
(Microsoft Windows)
openssl rsa -in my-server.key -out my-server.key
(UNIX or Linux)
openssl rsa -in server.key -out server.key
- Create a Certificate Signing Request (CSR) with the server RSA private key.
- Access the appropriate directory for your operating system:
- (Microsoft Windows) installationDirectory\pw\Apache\conf
- (UNIX or Linux) /usr/pw/apache/openssl/ssl/conf
- Copy the files as appropriate for your operating system:
- (Microsoft Windows) Copy the installationDirectory\pw\Apache\conf\openssl.cnf file into the installationDirectory\pw\Apache\bin directory.
- (UNIX or Linux) Copy the /usr/pw/apache/openssl/ssl/conf/openssl.cnf file into the /usr/pw/apache/openssl/bin directory.
- Access the appropriate directory for your operating system:
- (Microsoft Windows) installationDirectory\pw\Apache\bin
- (UNIX or Linux) /usr/pw/apache/openssl/bin
Enter the command appropriate for your operating system to create a PEM-formatted CSR:
(Microsoft Windows)
openssl req -new -key my-server.key -out my-server.csr -config ./openssl.cnf
(UNIX or Linux)
openssl req -new -key server.key -out server.csr -config ./openssl.cnf
- Send the Certificate Signing Request (CSR) to a Certifying Authority (CA) for signing using one of the following methods:
- Have the CSR signed by a commercial CA such as Verisign or Thawte. This process usually requires you to post the CSR into a web form, pay for the signing, and await the signed certificate, which you can then store in a my-server.crt (Microsoft Windows) file or a server.crt (UNIX or Linux) file. For more information about commercial CAs, see:
- Verisign: http://digitalid.verisign.com/server
- Thawte Consulting: http://www.thawte.com/certs/server/request.html
- CertiSign Certificadora Digital Ltd: http://www.certisign.com.br
- IKS GmbH: http://www.iks-jena.de/produkte/ca/
- Uptime Commerce Ltd: http://www.uptimecommerce.com
- BelSign NV/SA: http://www.belsign.be
- Use your own CA and get the CSR signed by this CA.
The result is then a real certificate that can be used for Apache.
- Replace the dummy key and certificate files with the real key and certificate files that you have created by following these steps:
- Access the appropriate directory for your operating system:
- (Microsoft Windows) installationDirectory\pw\Apache\conf
- (UNIX or Linux) /usr/pw/apache/conf
- Replace the key file appropriate for your operating system with the RSA private key file that you created in Step 1:
- (Microsoft Windows) Replace my-server.key in the installationDirectory\pw\Apache\conf directory.
- (UNIX or Linux) Replace the server.key file in the /usr/pw/apache/conf directory.
- Replace the certificate file appropriate for your operating system with the RSA private certificate my-server.crt file that you created in Step 2:
- (Microsoft Windows) Replace the my-server.cert file in the installationDirectory\pw\Apache\conf directory.
- (UNIX or Linux) Replace the server.crt file in the /usr/pw/apache/conf directory.
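A check worth running before the files are replaced in the last step, as an added example that is not part of the original procedure: it confirms that the key no longer has a passphrase, that the CSR or signed certificate carries the same public key as the private key, and that the RSA modulus meets a minimum size. The function names and the 2048-bit default are assumptions of this example; 2048 bits is the minimum RSA size that publicly trusted CAs accept.

```shell
#!/bin/sh
# Added example: pre-install checks for the key and certificate files.
# Assumes the key is already passphrase-free (after the removal step).

# Print the RSA modulus size, in bits, of a private key file.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Print the RSA modulus of a key, CSR or certificate (kind: key|csr|crt).
modulus_of() {
    case "$1" in
        key) openssl rsa  -in "$2" -noout -modulus 2>/dev/null ;;
        csr) openssl req  -in "$2" -noout -modulus 2>/dev/null ;;
        crt) openssl x509 -in "$2" -noout -modulus 2>/dev/null ;;
        *)   return 2 ;;
    esac
}

# Succeed only if the CSR or certificate (kind $2, file $3) holds the
# public half of private key $1.
matches_key() {
    k=$(modulus_of key "$1") || return 1
    o=$(modulus_of "$2" "$3") || return 1
    [ -n "$k" ] && [ "$k" = "$o" ]
}

# Succeed if the PEM key file is still passphrase-protected.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# check_install KEY CRT [MIN_BITS]: 0 = ok, 1 = unusable pair, 3 = weak key.
check_install() {
    if key_is_encrypted "$1"; then
        echo "FAIL: $1 still has a passphrase"; return 1
    fi
    matches_key "$1" crt "$2" || { echo "FAIL: $2 does not match $1"; return 1; }
    bits=$(key_bits "$1"); min=${3:-2048}
    if [ "$bits" -lt "$min" ]; then
        echo "WARN: $bits-bit RSA key is below $min bits"; return 3
    fi
    echo "OK: $bits-bit key matches $2"
}

# Usage: sh check.sh server.key server.crt
if [ $# -ge 2 ]; then check_install "$@"; fi
```

A mismatch between key and certificate is the usual reason Apache refuses to start after the files are swapped, so run the check against the files before copying them into the conf directory.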