jwallace.us

tech, tunes, and other stuff

Server Certificates

Need a new certificate for your Apache or Nginx web server? These are the steps you’re looking for.

First you’ll need a certificate signing request (CSR). To get that you’ll first need a key.

$ sudo openssl genrsa -out mydomain.com.key 2048
$ sudo openssl req -new -sha256 -key mydomain.com.key -out mydomain.com.csr

During creation of the CSR you will be asked a few questions. You can ignore “Organizational Unit Name”. One you definitely cannot ignore is “Common Name”. That is your domain, so when asked for the common name, enter your domain (e.g. mydomain.com). You will also be asked for “A challenge password”. Leave this one blank unless you will be there to type in the password when your web server starts up. In most cases you won’t be, so leave it blank.

Now go to your certificate authority, such as CAcert.org. When you generate a new certificate, it will ask you for the CSR. Just cut and paste it into the text area when asked. With that you will be given a new certificate. Place your new certificate and key into the appropriate web server directory. Be sure to give the key 600 permissions, and the key’s group and owner should be the same as the web server’s. The certificate should have 644 permissions.
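
Before restarting the web server, it is worth confirming that the certificate you were given belongs to your key and that the permissions are as described above. The script below is an added example, not part of the original post; the function names, the non-interactive `-subj` option and the self-signed certificate standing in for the CA's reply are assumptions made so that it runs offline.

```shell
#!/bin/sh
# Added example. File names follow the article; the self-signed certificate is
# a constructed stand-in for the one a CA would return.

# SHA-256 of the public key inside a key, CSR or certificate ($1 = kind, $2 = file).
pubkey_hash() {
  case "$1" in
    key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
    csr) pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    *) return 1 ;;
  esac
  [ -n "$pub" ] || return 1   # never hash empty output: two bad files would "match"
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Permission string as shown by ls, e.g. -rw------- for mode 600.
mode_of() { ls -ld "$1" | cut -c1-10; }

# check_pair KEY CSR CERT: prints "ok" or the first problem found.
check_pair() {
  k=$(pubkey_hash key "$1") || { echo "cannot read key"; return 1; }
  r=$(pubkey_hash csr "$2") || { echo "cannot read CSR"; return 1; }
  c=$(pubkey_hash crt "$3") || { echo "cannot read certificate"; return 1; }
  [ "$k" = "$r" ] || { echo "CSR was not made from this key"; return 1; }
  [ "$k" = "$c" ] || { echo "certificate does not match key"; return 1; }
  [ "$(mode_of "$1")" = "-rw-------" ] || { echo "key is not mode 600"; return 1; }
  [ "$(mode_of "$3")" = "-rw-r--r--" ] || { echo "certificate is not mode 644"; return 1; }
  echo "ok"
}

# Build throwaway demo files in directory $1 (non-interactive form of the steps above).
make_demo_files() {
  openssl genrsa -out "$1/mydomain.com.key" 2048 2>/dev/null || return 1
  openssl req -new -sha256 -key "$1/mydomain.com.key" -subj "/CN=mydomain.com" \
    -out "$1/mydomain.com.csr" || return 1
  openssl x509 -req -in "$1/mydomain.com.csr" -signkey "$1/mydomain.com.key" \
    -days 1 -out "$1/mydomain.com.crt" 2>/dev/null || return 1
  chmod 600 "$1/mydomain.com.key" && chmod 644 "$1/mydomain.com.crt"
}

demo_dir=$(mktemp -d) && make_demo_files "$demo_dir" &&
  check_pair "$demo_dir/mydomain.com.key" "$demo_dir/mydomain.com.csr" "$demo_dir/mydomain.com.crt"
rm -rf "$demo_dir"
```

For your real files, call `check_pair` with the paths of the key, the CSR and the certificate your CA issued; anything other than `ok` names the first problem found.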