Installing a Custom Digital Certificate
Once you have a obtained a signed digital certificate, you need to install it and set
up SSL to use your certificate and private key instead of the default.
NOTE: If you have not already ordered SSL for
your Virtual Private Server, you will need to do that before continuing with the
steps outlined below.
When you got your certificate, you most likely saved it to a file on your local
computer. You will need to copy the file onto your Virtual Private Server via FTP.
Be sure to copy the file using ASCII format to avoid corrupting the file. Save the
file in the ~/etc/ directory with the name ssl.cert.
Once the certificate is on your server, get the Private Key, which you generated at
the same time as you generated the CSR, and copy it to the ~/etc/ directory with the
name ssl.pk. Make sure to keep a copy of the Private Key in a different location as
well so if you make a mistake you don't lose your Private Key. You may want to create
a directory on your Virtual Private Server and store a copy of both your Private Key
and the Certificate until you are certain that the new certificate is working properly.
With both files in place, connect to your Virtual Private Server via
SSH or Telnet
and run the following command.
% openssl rsa -in ssl.pk -out ssl.pk
This command removes the default encryption on your key, and makes it useable by
the Apache Web Server. With the key decrypted, run restart_apache to restart the
Web server using your new certificate. You can tell if your Private Key has been
decrypted or not by looking at the file. When your key was generated, the first
few lines should have looked similar to the following.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BCC23A5E16582F3D
hfWyPkea3gnVCHCZJ/zgQpCH9RZF7WjYXGYohdbfkJY0ETLwXaqjvnNHQlLomwIt
After decrypting your key, the key should have changed to look similar to the following.
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCot9aa9R38QevFSWqU718VFxqEDcY4gJfdZ6sBy282jdgCVcwU
q92tQ5V3amQanoSIWxI/O9GYm5kJSo3b2qGib2sqLiHZFav/bRjL5IDFOMwcSTyp
O0I9otCK72/rrxMl+Gt8b5saEiIdmGO4ar9AM2DYYQCFKYR62mDZ7mRa6wIDAQAB
AoGBAJWy0CqblGhvgSeCdZwCK+ZFopRKuHcHujeLtRKZk2rfPisMP1CUEdObJLJY
5ssrnUJzM+SBSf5TCN1Slj3dZg2NRBq+68L1dR+3voEWv2ebPhzicjw81l0xuVoX
HbXhM052Bmhp8XWZd3VdKXyQuTQeh17F4R2o39r9vP88pGnRAkEA4OxTu4p6gAxF
l4JwiqFeswdoq/jEj9KkKGy/wM4psGQqUrzWzgKmN+R1NpSRWcyohpSOsU8yFcHb
bydNYvYj0wJBAMAHgQENrGx+3XEzcCx3uY8vv1gvcNFou0RKKcoaHyf8n028AJAf
ZAM/7h+cFcJVYEeb8n54ED4979c+gr3ttYkCQD444okVLAJUYsQhL6UKMzpvqEM6
1JW8/fC49OsPnXTQoOy2lO30yarYppxsyTEAbvacDkV61S4zrNK5Gq1vzkUCQF45
0GVR7k92mPZZBSvsu5K1HTEKZlN7Dpjdw0+2LZ+TaB/epnAR1yN5FUFRd6PZ/Npm
fUDtbRr9jViTBdhocfECQQDfxT3bUNjvJUeWQieQg2ooj7yzbjMD5MjA+9z+qh1V
Cb+4kQSEWrP7EdJk4cOHOH+ZYjinf77x8v2PbnaKE5Dc
-----END RSA PRIVATE KEY-----
Check to make sure the new certificate is working by connecting to the domain your
certificate is set up to use via HTTPS. For example, if your domain name were
www.my-domain.name, you would type the following into your browser's location bar.
https://www.my-domain.name
If the page loads without any errors, find the lock icon on your browser and click
on it (depending on your browser, you may need to double-click). This will bring up
the certificate information, or a window that lets you view certificate information.
Check to see that the certificate is using the correct domain name and has the correct
information.
If you get an error trying to view the page, see the Troubleshooting Certificate
Installation Problems page to help you get the certificate working.
|
|
