Coremanaged SSL: Difference between revisions
No edit summary |
No edit summary |
||
Line 2: | Line 2: | ||
To install a ssl certificate on a coremanaged box you will need to do the following.<br> | To install a ssl certificate on a coremanaged box you will need to do the following.<br> | ||
First you will need to create the RSA key using the following line.<br>(change the domain to what you are working on in all instances of | First you will need to create the RSA key using the following line.<br>(change the domain to what you are working on in all instances of domain.com.) | ||
'''CSR generation''' | '''CSR generation''' | ||
<pre>openssl genrsa -out | <pre>openssl genrsa -out domain.com.key 2048 | ||
chmod 400 | chmod 400 domain.com.key</pre> | ||
'''Add the ns record''' | '''Add the ns record''' | ||
<pre> | <pre>cd /var/named/ | ||
vim domain.com.db | |||
Below is a template dns record you can use. Don't forget to title it "domain.com.db". | |||
<pre> | |||
$TTL 300 | |||
domain.com. 86400 IN SOA ns1.domain.com. template.liquidweb.com. ( | |||
2010052200 ;Serial Number | |||
86400 ;refresh | |||
7200 ;retry | |||
3600000 ;expire | |||
86400 ;minimum | |||
) | |||
domain.com. 86400 IN NS ns1.domain.com. | |||
domain.com. 86400 IN NS ns2.domain.com. | |||
domain.com. 300 IN A 69.167.155.110 | |||
localhost 300 IN A 127.0.0.1 | |||
domain.com. 300 IN MX 0 domain.com. | |||
mail 300 IN CNAME domain.com. | |||
www 300 IN CNAME domain.com. | |||
ftp 300 IN A IP here | |||
ns1 300 IN A IP here | |||
ns2 300 IN A IP here | |||
host 300 IN A IP here | |||
</pre> | |||
<pre>cd /var/named/ | <pre>cd /var/named/ | ||
vim | vim domain.com.db | ||
rndc reload | rndc reload domain.com | ||
rndc reload | rndc reload domain.com</pre> | ||
'''Add the Vhost entry''' | '''Add the Vhost entry''' | ||
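Review bot: The new `<pre>cd /var/named/` block on the right-hand side is never closed before the sentence "Below is a template dns record you can use", and a second `<pre>` opens straight after it. The sentence therefore lands inside the code block and the literal `<pre>` shows up in the rendered revision. Close the first block after `vim domain.com.db`, or drop it, since the same `cd`/`vim` pair is repeated after the template. Two smaller points: the template hard-codes `69.167.155.110` for the apex A record while the other A records say "IP here", and the "CSR generation" block only creates the key, with no CSR command following it.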
Line 26: | Line 54: | ||
<pre> | <pre> | ||
<VirtualHost | <VirtualHost (sites ip here):443> | ||
ServerName | ServerName domain.com | ||
DocumentRoot | DocumentRoot | ||
UseCanonicalName Off | UseCanonicalName Off | ||
SSLEngine on | SSLEngine on | ||
SSLCertificateFile /etc/pki/tls/certs/ | SSLCertificateFile /etc/pki/tls/certs/domain.com.crt | ||
SSLCertificateKeyFile /etc/pki/tls/private/ | SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key | ||
SSLCACertificateFile /etc/pki/tls/certs/ | SSLCACertificateFile /etc/pki/tls/certs/domain.com.cabundle | ||
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown | SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown | ||
</VirtualHost> | </VirtualHost> | ||
</pre> | </pre> |
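Review bot: `DocumentRoot` is left without a path on both sides of this hunk, and Apache does not accept the directive without an argument, so the vhost as written will not load. Add a placeholder in the same style as `(sites ip here)`. Also, the first step writes the key as `domain.com.key` in the current directory, while `SSLCertificateKeyFile` points at `/etc/pki/tls/private/domain.com.key`; the page should say to create the key there or move it there.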
Revision as of 23:20, 22 May 2010
Coremanaged SSL
To install an SSL certificate on a coremanaged box you will need to do the following.
First you will need to create the RSA key using the following line.
(Change the domain to what you are working on in all instances of domain.com.)
CSR generation
<pre>openssl genrsa -out domain.com.key 2048
chmod 400 domain.com.key</pre>
Add the ns record
<pre>cd /var/named/
vim domain.com.db</pre>
Below is a template DNS record you can use. Don't forget to title it "domain.com.db".
<pre>
$TTL 300
domain.com. 86400 IN SOA ns1.domain.com. template.liquidweb.com. (
        2010052200 ;Serial Number
        86400 ;refresh
        7200 ;retry
        3600000 ;expire
        86400 ;minimum
        )
domain.com. 86400 IN NS ns1.domain.com.
domain.com. 86400 IN NS ns2.domain.com.
domain.com. 300 IN A 69.167.155.110
localhost 300 IN A 127.0.0.1
domain.com. 300 IN MX 0 domain.com.
mail 300 IN CNAME domain.com.
www 300 IN CNAME domain.com.
ftp 300 IN A IP here
ns1 300 IN A IP here
ns2 300 IN A IP here
host 300 IN A IP here
</pre>
<pre>cd /var/named/
vim domain.com.db
rndc reload domain.com
rndc reload domain.com</pre>
Add the Vhost entry
Usually located here.
<pre>vim /etc/httpd/conf.d/ssl_vhosts.conf</pre>
Then add the following and modify it to have the paths and IP that you will be using for your new SSL domain.
<pre>
<VirtualHost (sites ip here):443>
ServerName domain.com
DocumentRoot (document root path here)
UseCanonicalName Off
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
SSLCACertificateFile /etc/pki/tls/certs/domain.com.cabundle
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</pre>
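The key step of this procedure together with the checks worth running before Apache is restarted, written as shell functions. This is an added example, not part of the original wiki page: the function names are made up for illustration, and the CN-only CSR subject and the `apachectl configtest` step are assumptions the page does not cover.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the page's
# domain.com placeholder; all paths are passed in as arguments.

# Create the 2048-bit RSA key. umask 077 in a subshell means the file is never
# group/world readable, even for the moment before the page's chmod 400 runs.
make_key() {  # make_key <keyfile>
    ( umask 077 && openssl genrsa -out "$1" 2048 ) && chmod 400 "$1"
}

# Build the CSR to send to the CA (CN only; a CA may ask for more fields).
make_csr() {  # make_csr <keyfile> <domain> <csrfile>
    openssl req -new -key "$1" -subj "/CN=$2" -out "$3"
}

# True only if the key file is a regular file with mode 400 exactly.
key_is_locked_down() {  # key_is_locked_down <keyfile>
    [ -n "$(find "$1" -prune -type f -perm 400 2>/dev/null)" ]
}

# True only if the certificate carries the public half of the private key.
# Returns 2 if either file cannot be parsed, so a bad path never "matches".
cert_matches_key() {  # cert_matches_key <certfile> <keyfile>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Typical use once the CA has returned the certificate:
#   cert_matches_key /etc/pki/tls/certs/domain.com.crt \
#                    /etc/pki/tls/private/domain.com.key \
#     && key_is_locked_down /etc/pki/tls/private/domain.com.key \
#     && apachectl configtest
```

A mismatch between certificate and key is the usual reason an SSL vhost refuses to start after a reissue, so run the check before restarting Apache, not after.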