Coremanaged SSL
To install an SSL certificate on a coremanaged box, do the following.
First, create the RSA key as shown below.
(Replace domain.com with the domain you are working on in every instance.)
CSR generation
If there are a previous certificate and key, move them aside as backups first. (Replace domain.com with the customer's domain.)
ls /etc/pki/tls/certs/
ls /etc/pki/tls/private/
If you see the domain that you are working with, do the following.
mv /etc/pki/tls/certs/domain.com.csr /etc/pki/tls/certs/domain.com.csr.old
mv /etc/pki/tls/certs/domain.com.crt /etc/pki/tls/certs/domain.com.crt.old
mv /etc/pki/tls/certs/domain.com.cabundle /etc/pki/tls/certs/domain.com.cabundle.old
mv /etc/pki/tls/private/domain.com.key /etc/pki/tls/private/domain.com.key.old
Now proceed with making the new RSA key.
cd /etc/pki/tls/private/
mv domain.com.key domain.com.key.old
openssl genrsa -out domain.com.key 2048
chmod 400 domain.com.key
Now for the CSR.
cd /etc/pki/tls/certs/
mv domain.com.csr domain.com.csr.old
openssl req -new -nodes -key /etc/pki/tls/private/domain.com.key -out domain.com.csr
You will now be asked to answer the following.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code):
State or Province Name (full name):
Locality Name (eg, city):
Organization Name (eg, company):
Organizational Unit Name (eg, section):
Common Name (eg, your name or your server's hostname):
Email Address:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password:
An optional company name:
After answering those questions, your certificate request (CSR) will be located in this directory:
/etc/pki/tls/certs/
cat it, then go to GlobalSign and purchase the cert.
SSL installation
Add the NS record
cd /var/named/
vim domain.com.db
Below is a template dns record you can use. Don't forget to title it "domain.com.db".
$TTL 300
domain.com.  86400  IN  SOA  ns1.domain.com. template.liquidweb.com. (
                2010052200  ;Serial Number
                86400       ;refresh
                7200        ;retry
                3600000     ;expire
                86400       ;minimum
                )
domain.com.  300  IN  NS     ns1.domain.com.
domain.com.  300  IN  NS     ns2.domain.com.
domain.com.  300  IN  A      69.167.155.110
localhost    300  IN  A      127.0.0.1
domain.com.  300  IN  MX     10 domain.com.
mail         300  IN  CNAME  domain.com.
www          300  IN  CNAME  domain.com.
ftp          300  IN  A      IP here
ns1          300  IN  A      IP here
ns2          300  IN  A      IP here
host         300  IN  A      IP here
cd /var/named/
vim domain.com.db
rndc reload domain.com
rndc reload domain.com
Add the vhost entry. It is usually located here:
vim /etc/httpd/conf.d/ssl_vhosts.conf
Then add the following and modify it to have the paths and IP that you will be using for your new SSL domain.
<VirtualHost (sites ip here):443>
    ServerName domain.com
    DocumentRoot /var/www/(username goes here)/www/
    UseCanonicalName Off
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
    SSLCACertificateFile /etc/pki/tls/certs/domain.com.cabundle
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
To complete the installation, run the following.
/etc/init.d/httpd restart
Then go to SSLtester.com and verify your work.
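A check worth running before the httpd restart above, given as an added example that is not part of the original procedure: it confirms that the key, CSR and issued certificate share one public key and that the key file is closed to group and other. The function names are hypothetical, and `make_sample` only builds constructed throwaway files for a dry run.

```shell
#!/bin/bash
# Added example, not part of the original procedure. Function names are hypothetical.

# Print the public key (PEM) held in a private key, CSR or certificate.
pubkey_pem() {   # usage: pubkey_pem key|csr|crt FILE
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if FILE (csr or crt) carries the public half of KEYFILE.
# A missing or unparsable file is a failure, never a match.
same_key() {     # usage: same_key KEYFILE csr|crt FILE
    sk_a=$(pubkey_pem key "$1") || return 1
    sk_b=$(pubkey_pem "$2" "$3") || return 1
    [ -n "$sk_a" ] && [ "$sk_a" = "$sk_b" ]
}

# Succeed only if group and other have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Run all checks for one domain; the return value is the number of failures.
preflight() {    # usage: preflight DOMAIN [CERT_DIR] [KEY_DIR]
    pf_c=${2:-/etc/pki/tls/certs}; pf_k=${3:-/etc/pki/tls/private}; pf_bad=0
    key_is_private "$pf_k/$1.key" ||
        { echo "FAIL: $1.key is accessible to group/other"; pf_bad=$((pf_bad + 1)); }
    same_key "$pf_k/$1.key" csr "$pf_c/$1.csr" ||
        { echo "FAIL: $1.csr does not match $1.key"; pf_bad=$((pf_bad + 1)); }
    same_key "$pf_k/$1.key" crt "$pf_c/$1.crt" ||
        { echo "FAIL: $1.crt does not match $1.key"; pf_bad=$((pf_bad + 1)); }
    return "$pf_bad"
}

# Constructed sample material for a dry run: throwaway key, CSR, self-signed cert.
make_sample() {  # usage: make_sample DIR NAME
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null && chmod 400 "$1/$2.key" &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 \
        -out "$1/$2.crt" 2>/dev/null
}
```

On the server, `preflight domain.com` uses the directories from this page; a non-zero exit status is the number of failed checks.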