Step:1 Generate key for Apache in linux.
[root@hostname test]# openssl genrsa -out postrga.key 2048
Generating RSA private key, 2048 bit long modulus
.............................+++
..............................................................+++
e is 65537 (0x10001)
[root@hostname test]# ls
postrga.key
Step:2 Generate csr from postrga key.
[root@hostname test]# openssl req -new -key postrga.key -out postrga.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:QA
State or Province Name (full name) []:DOHA
Locality Name (eg, city) [Default City]:Doha
Organization Name (eg, company) [Default Company Ltd]:B bank
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:hostname
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:welcome123
An optional company name []:NA
[root@hostname test]# ls -lrt
total 8
-rw-r-----. 1 root root 1679 Oct 5 09:22 postrga.key
-rw-r-----. 1 root root 1058 Oct 5 09:25 postrga.csr
Step:3 Validate key.
[root@hostname test]# openssl rsa -in postrga.key -check
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAzIXG3I02jOPsGdlqMj1h2U3/vCZoXfEdPY/0uZpM5FHjuo38
0UggfO88ZtMECgsPwEy2mmJ9w55S+/aJoojwdDyZgT2VOPIwRsheTh0zD9s374Y8
ZSTbmCSVIPeunw6N5iUW7qYH99VgLPo87hwbJauetDRxDF9A1OT0lTCxI/dO3dHb
/mYGdc1tbmpifENrgYZJmHKRHiKWVNDrzI9FyyjIUF2ziCFXQf0c+ZaIT0zj7L5H
Uv0rvJkFKfc6QQdbfryOtqhTVIpE81TQ9ygw3M0pARReo4pj4VyYWvw5/orCpmQ0
kE5w2j2aAkLbieWpMut4MwtEo0MzaePiDsZ7qwIDAQABAoIBABdEoPs2lZ4x0Aqg
0ZQlp5wxY4bkV7tYUxtN5Wm4REc1idMPlFO7APc1wIlyOGNsHr6h+6RU0DoRKR/B
TKdRLQoMWup5NyDjbNqgsRnx+H01U4fMndJj/xewEcdOZm9yGHK2hYVhHkbz350+
WvA8Alqmy8d0r+fYbmfKJIlUoNKWfC7lVTndg6WWCVqhJ/Dtgd8zHf9c1eH2XcOM
NNTTlLhpOc/TKyCeQChpbUeqLm71eJuMOzKHo71ZhuSUBWmQvnTZ3XgvRpJ/2nt9
ut5TTzz0XBS/x/UMoTOVBeCuAp3IiXfTWHQZ2tEeKHVOb/HIGf5To7XHydyT++PI
kgoLmgECgYEA6a2yQErTjLn//jkXpilC0EuDJPp1o92fstLPDokRqJJKLrf06Q5A
Adp5oEImjfqIxu0JiB6q5duHL0NxYF5Zi0XCdjYL4+NZq2GQMwz02VX61A9jQ6dj
oe2Y/GQp6HNFPJRsEH7PHDrJ7r7pIiazS2yCYsDaNWY/d3KbdibvrfMCgYEA4A8c
K6kKUhLRUPiIe/pecziWd3wa9hU9reFAwKlh0YxxM6dYe8nDpEhrq1/VZj2PHYNi
qUXNqbDR9u1KLXhxG9d0hcD/XLP9nQZ/up3nEKaPjKpq5qFZohUPpRt+tAXxxch3
CFhI+0Aa5NOYK6VkgLaPeAG6aS7OJ+wkg3ApEWkCgYEAq/nRfc+T8bXR2N9bsEYd
jf6E/en2OisZJRpQmHn4LP+86LUp4XtDUBnh+Te1+DeyAfThVvR7Ab+WtgoEns/R
RtaIT0dnaMghbifXYDrg2DKW7wqEG35NrRaXyOhOj2yGQBdbkKhC9Juvka2fFis1
OQUa0GLuNO6TNu15zHLLYlECgYEA0/r3uAbyELxk9Kpu1n0FpxU+pkTwbSmjdULL
tHuMZGjvIOOOv28gfelWlIjSqSxMnquTSHsWHRmBTJErwOFWgfTR9UmnT9mqdEmV
xsVlu0caQQdqpFC7MLGkX50nvsJw/6Ktm2OLiMoZp6zZJ1IPSAdwrSVVa/YwbWzp
DsGq2SECgYA3Q6U0ZQAyUZyYUVXXr1a6O1rtdLcZFQ2GhHTOEMnS10LsHULH20Oz
6iUsqs7Pq/cp24QJPix/9TJUGILJUDRKF9MLIHEwa8QgI1nZPCHUGfbvd6GM3bPi
Ox1ESgJahisOE+6uE2Y6kHbr3C7X/UF8sSZ3SGYy/VRybDT5DiQjCw==
-----END RSA PRIVATE KEY-----
Step: 4 Validate generate CSR.
[root@hostname test]# openssl req -text -noout -verify -in postrga.csr
verify OK
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=QA, ST=DOHA, L=Doha, O=B bank, OU=IT, CN=hostname
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cc:85:c6:dc:8d:36:8c:e3:ec:19:d9:6a:32:3d:
61:d9:4d:ff:bc:26:68:5d:f1:1d:3d:8f:f4:b9:9a:
4c:e4:51:e3:ba:8d:fc:d1:48:20:7c:ef:3c:66:d3:
04:0a:0b:0f:c0:4c:b6:9a:62:7d:c3:9e:52:fb:f6:
89:a2:88:f0:74:3c:99:81:3d:95:38:f2:30:46:c8:
5e:4e:1d:33:0f:db:37:ef:86:3c:65:24:db:98:24:
95:20:f7:ae:9f:0e:8d:e6:25:16:ee:a6:07:f7:d5:
60:2c:fa:3c:ee:1c:1b:25:ab:9e:b4:34:71:0c:5f:
40:d4:e4:f4:95:30:b1:23:f7:4e:dd:d1:db:fe:66:
06:75:cd:6d:6e:6a:62:7c:43:6b:81:86:49:98:72:
91:1e:22:96:54:d0:eb:cc:8f:45:cb:28:c8:50:5d:
b3:88:21:57:41:fd:1c:f9:96:88:4f:4c:e3:ec:be:
47:52:fd:2b:bc:99:05:29:f7:3a:41:07:5b:7e:bc:
8e:b6:a8:53:54:8a:44:f3:54:d0:f7:28:30:dc:cd:
29:01:14:5e:a3:8a:63:e1:5c:98:5a:fc:39:fe:8a:
c2:a6:64:34:90:4e:70:da:3d:9a:02:42:db:89:e5:
a9:32:eb:78:33:0b:44:a3:43:33:69:e3:e2:0e:c6:
7b:ab
Exponent: 65537 (0x10001)
Attributes:
unstructuredName :NA
challengePassword :welcome123
Signature Algorithm: sha256WithRSAEncryption
0a:65:b6:45:ee:16:2d:f7:c4:8a:9c:22:56:a8:f9:dd:01:34:
dc:dd:25:ba:91:7d:21:b1:d9:40:02:a7:9d:53:17:30:c6:06:
36:0e:6f:ea:ab:04:47:69:ac:9e:a3:4f:0a:38:59:75:2f:95:
62:a1:b2:eb:85:73:94:c2:55:c8:47:ea:c8:97:a7:a0:28:69:
ff:e3:7e:e8:36:0b:01:f4:b7:46:97:76:b1:2a:14:8e:46:16:
66:2b:f1:2e:53:a2:5a:11:c5:3c:25:03:dc:aa:fd:d3:a7:96:
b8:97:b9:6d:36:ff:ef:72:83:58:24:e4:05:97:8c:fa:87:22:
12:ca:e1:c6:f4:7d:40:dc:c3:1b:59:0e:60:7f:cd:87:af:4b:
38:59:a6:50:5b:7d:bf:d6:65:97:d3:e2:30:6c:ab:d8:ee:cf:
b8:c2:ca:9a:8d:2f:68:fa:05:92:17:6d:8e:67:7b:c3:d0:8b:
57:f9:7f:c6:44:5d:12:4a:27:a2:c7:4f:b0:2e:43:df:f1:d4:
c9:94:87:e9:5e:21:82:ed:d7:56:1d:5d:bb:70:81:72:f8:b6:
f5:ad:8b:d1:2d:f5:38:68:33:b6:2e:0c:2c:33:f1:80:44:46:
0c:8b:f0:5b:52:91:53:81:9d:74:f5:5c:7d:d6:14:af:3c:18:
8d:55:18:a9
[root@hostname test]# ls
postrga.csr postrga.key
Step: 5 Send csr file to Digicert authority to get the cert file.
Step: 6 Copy all the files in below path which is given by Digicert authority.
[root@hostname test]# ls /root/test/
postrga.csr postrga.key
Step:6 Now you can configure this path /root/test/ in ssl.
If you don't have an SSL certificate, your website may still function as always, but it will be vulnerable to hackers and Google will warn visitors that your website is not secure. Google also gives priority to websites that have an SSL certificate.
ReplyDeleteHOW MUCH DOES AN SSL CERTIFICATE COST