In-Common SSL Cert Installation on Apache 2.2
The steps towards obtaining a free cert for ucla based webservers:
- Generate a CSR with a 2048-bit minimum key for each common name for which you require a cert
- Be sure that the common name(s) contain a fully qualified domain name
- Forward both the CSR and the common name information directly to incommon@noc.ucla.edu
Create the CSR and the KEY files by running the following:openssl req -new -newkey rsa:2048 -nodes -keyout SERVER.key -out SERVER.csr
where SERVER is the name of your server
Once receiving the email from NOC open the link that says “X509 Certificate only, Base64 encoded”, rename it to .CRT
now in the conf file add the following:
SSLEngine on
SSLCertificateFile /etc/apache2/certs/server_ucla_edu.crt
SSLCertificateKeyFile /etc/apache2/certs/server_ucla_edu.key
those settings are the basic and may require more directives options.