- The first step is to generate a private key. If OpenSSL has been installed on the server, then the following command be used: OpenSSL genrsa -des3 -out server.key 1024
- Create a Certificate Signing Request (CSR) with the private key. Again, using OpenSSL, this can be done by running: OpenSSL req -new -key server.key -out server.csr Make sure that the fully qualified domain name (FQDN) of the server (e.g., agiliance.customer.com) is used as the Common Name in the certificate request.
- The CSR file can then be sent to your certificate authority (CA) to be signed. In return, the CA will provide you with a CRT certificate file (e.g., server.crt).
- Backup the existing server.key and server.crt files in %AGILIANCE_HOME%\Apache2\conf and place the new .key and .crt files in this directory. If possible, call the new files server.key and server.crt respectively. If the CA provides a .cer file, then the extension can be renamed.
- Edit %AGILIANCE_HOME%\Apache2\conf\extra\passphrase.bat and replace the existing passphrase string "agiliance" (default) with the passphrase used to create the private key. Save the file.
- If an external trusted CA (e.g., Verisign) provides an intermediate CA certificate, then this can be enabled by modifying the httpd-ssl.conf file located in %AGILIANCE_HOME%\Apache2\conf\extra\ to uncomment this line and supplying the path to the intermediate CA certificate: # SSLCertificateChainFile conf/cacert.crt
- Restart the Apache2.2 service
Have more questions? Submit a request