Apache based servers

Obtaining a Wildcard /MDC Server Certificate (apache)

To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, 'server', use the following command :

openssl req -new -nodes -keyout myserver.key -out server.csr

This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).
You will now be asked to enter details to be entered into your CSR

What you are about to enter is what is called a Distinguished Name or a DN.

For some fields there will be a default value, If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []:
An optional company name []:
-----

Use the name of the webserver as Common Name (CN). If the domain name is mydomain.com append the domain to the hostname (use the fully qualified domain name). In the case of a wild card you will need to use the format “*.example.com” and in the case requesting an MDC certificate you will specify a phase or description of what you want to appear on the certificate for example “Secure Sites hosted by (webhost name)”.

The fields email address, optional company name and challenge password can be left blank for a webserver certificate.

Installation of a Wildcard /MDC Server Certificate (apache)

Your server will need to be correctly configured for using virtual hosting or host headers. Once this is correctly setup you will need to configure your SSL virtual host sections as per the below examples this example is for an MDC with two entries of www.example.com and secure.example.com or a wild card with the CN of “*. example.com”







(where x.x.x.x is the ipaddress for this site)
ServerName www.example.com
DocumentRoot /usr/local/www/htdocs/example
ServerAdmin [email protected]
SSLEngine on
SSLCertificateKeyFile private/myserver.key
SSLCertificateFile certs/myserver.crt
SSLLog logs/ssl/example_cipher_log



(where x.x.x.x is the ipaddress for this site)
ServerName secure.example.com
DocumentRoot /usr/local/www/htdocs/secure.example
ServerAdmin [email protected]
SSLEngine on
SSLCertificateKeyFile private/myserver.key
SSLCertificateFile certs/myserver.crt
SSLLog logs/ssl/example_cipher_log