Coremanaged SSL: Difference between revisions

From Cheatsheet
Jump to navigation Jump to search
← Older editNewer edit →
No edit summary
No edit summary
Line 2: Line 2:


To install a ssl certificate on a coremanaged box you will need to do the following.<br>
To install a ssl certificate on a coremanaged box you will need to do the following.<br>
First you will need to create the RSA key using the following line.<br>(change the domain to what you are working on in all instances of verabill.com or labaik.verabill.com.)
First you will need to create the RSA key using the following line.<br>(change the domain to what you are working on in all instances of domain.com.)


'''CSR generation'''
'''CSR generation'''
<pre>openssl genrsa -out labaik.verabill.com.key 2048
<pre>openssl genrsa -out domain.com.key 2048
chmod 400 labaik.verabill.com.key</pre>
chmod 400 domain.com.key</pre>
 
 




'''Add the ns record'''
'''Add the ns record'''
<pre>labaik 14400   IN      A      69.167.155.113</pre>
<pre>cd /var/named/
vim domain.com.db
 
Below is a template dns record you can use.  Don't forget to title it "domain.com.db".
 
<pre>
$TTL 300
domain.com.  86400  IN      SOA    ns1.domain.com.      template.liquidweb.com.      (
                        2010052200 ;Serial Number
                                                86400 ;refresh
                                                7200 ;retry
                                                3600000 ;expire
                                                86400 ;minimum
        )
 
domain.com.  86400  IN      NS      ns1.domain.com.
domain.com. 86400  IN      NS      ns2.domain.com.
 
domain.com.  300   IN      A      69.167.155.110
localhost      300  IN      A      127.0.0.1
domain.com.  300  IN      MX      0      domain.com.


This one is for a sub domain but add something of the same equivalent
mail            300  IN      CNAME  domain.com.
www            300  IN      CNAME  domain.com.
ftp            300  IN      A      IP here
ns1            300  IN      A      IP here
ns2            300  IN      A      IP here
host            300  IN      A      IP here
</pre>


<pre>cd /var/named/
<pre>cd /var/named/
vim verabill.com.db
vim domain.com.db
rndc reload verabill.com
rndc reload domain.com
rndc reload verabill.com</pre>
rndc reload domain.com</pre>


'''Add the Vhost entry'''
'''Add the Vhost entry'''
Line 26: Line 54:


<pre>
<pre>
<VirtualHost 69.167.155.113:443>
<VirtualHost (sites ip here):443>


         ServerName labaik.verabill.com
         ServerName domain.com
         DocumentRoot /usr/share/phpmyadmin
         DocumentRoot  
         UseCanonicalName Off
         UseCanonicalName Off


         SSLEngine on
         SSLEngine on
         SSLCertificateFile /etc/pki/tls/certs/labaik.verabill.com.crt
         SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
         SSLCertificateKeyFile /etc/pki/tls/private/labaik.verabill.com.key
         SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
         SSLCACertificateFile /etc/pki/tls/certs/labaik.verabill.com.cabundle
         SSLCACertificateFile /etc/pki/tls/certs/domain.com.cabundle
         SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
         SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown


</VirtualHost>
</VirtualHost>
</pre>
</pre>

Revision as of 23:20, 22 May 2010

Coremanaged SSL

To install a ssl certificate on a coremanaged box you will need to do the following.
First you will need to create the RSA key using the following line.
(change the domain to what you are working on in all instances of domain.com.)

CSR generation 

openssl genrsa -out domain.com.key 2048
chmod 400 domain.com.key



Add the ns record 

cd /var/named/
vim domain.com.db

Below is a template dns record you can use.  Don't forget to title it "domain.com.db".

<pre>
$TTL 300
domain.com.  86400   IN      SOA     ns1.domain.com.      template.liquidweb.com.       (
                        2010052200 ;Serial Number
                                                86400 ;refresh
                                                7200 ;retry
                                                3600000 ;expire
                                                86400 ;minimum
        )

domain.com.  86400   IN      NS      ns1.domain.com.
domain.com.  86400   IN      NS      ns2.domain.com.

domain.com.   300   IN      A       69.167.155.110
localhost       300   IN      A       127.0.0.1
domain.com.   300   IN      MX      0       domain.com.

mail            300   IN      CNAME   domain.com.
www             300   IN      CNAME   domain.com.
ftp             300   IN      A       IP here
ns1             300   IN      A       IP here
ns2             300   IN      A       IP here
host            300   IN      A       IP here

cd /var/named/
vim domain.com.db
rndc reload domain.com
rndc reload domain.com

Add the Vhost entry Usually located here. 

vim /etc/httpd/conf.d/ssl_vhosts.conf

Then add the following and modify it to have the paths and ip that you will be using for your new ssl domain. 

<VirtualHost (sites ip here):443>

        ServerName domain.com
        DocumentRoot 
        UseCanonicalName Off

        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
        SSLCACertificateFile /etc/pki/tls/certs/domain.com.cabundle
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

</VirtualHost>
Retrieved from "https://wiki.shooltz.net/w/index.php?title=Coremanaged_SSL&oldid=481"