- Generate a private key. If openssl has been installed on the server, the following command must be used. Replace "hello" with your desired passphrase:
openssl req -x509 -newkey rsa:4096 -sha256 -keyout server.key -passout pass:hello
- Create a Certificate Signing Request (CSR) with the private key. If you're using openssl, this can be done by running:
openssl req -key server.key -new -out server.csr
- Enter the passphrase you generated above; e.g. "hello."
- Enter values when prompted. The fully qualified domain name (FQDN) of the server (e.g. agiliance.customer.com) must be used as the Common Name in the certificate request.
- Send the CSR file to your certificate authority (CA) to be signed. In return, the CA will provide you with a CRT certificate file (e.g., server.crt).
- Backup the existing server.key and server.crt files in %AGILIANCE_HOME%\Apache2\conf and place the new .key and .crt files in this directory. If possible, call the new files server.key and server.crt, respectively. If the CA provides a .cer file, then the extension can be renamed.
- Edit %AGILIANCE_HOME%\Apache2\conf\extra\passphrase.bat and replace the existing passphrase string "agiliance" (default) with the passphrase used to create the private key. Save the file.
- If an external trusted CA, such as Verisign, provides an intermediate CA certificate, then this can be enabled by modifying the httpd-ssl.conf file located in %AGILIANCE_HOME%\Apache2\conf\extra\ to uncomment this line and supply the path to the intermediate CA certificate:
# SSLCertificateChainFile conf/cacert.crt
- Restart the Apache2.2 service.
Have more questions? Submit a request