I am using Apache/1.3.12 (Unix) with mod_ssl/2.6.3 and
OpenSSL/0.9.5a. The installation went smoothly and SSL works
fine with a self-signed certificate. I attempted to install an
EQUIFAX certificate (which they are now offering for $45.00) but
can't seem to get Apache to start in SSL mode. The procedures
outlined below were followed -- are there some other steps that
need to be taken? Thanks in advance for any tips.

Create CSR

1. Make sure OpenSSL is installed and in your PATH.

2. Create an RSA key for your Apache server: cd to the
   /apacheserverroot/conf/ssl.key directory (ssl.key is the default key
   directory. If you have a different setting, cd to your server's
   private key directory).

3. Type the following command to generate a key pair:

     $ openssl genrsa -des3 -out server.key 1024

4. Back up this server.key file and remember the pass-phrase you
   had to enter at a secure location. You can see the details of this
   RSA private key via the command:

     $ openssl rsa -noout -text -in server.key

   You could create a decrypted PEM version (not recommended) of this
   RSA private key via:

     $ openssl rsa -in server.key -out server.key.unsecure

5. Create a Certificate Signing Request (CSR) with the server RSA
   private key (output will be PEM formatted):

     $ openssl req -new -key server.key -out server.csr

   Enter the Fully Qualified Domain Name of the server when
   OpenSSL prompts you for the CommonName, for example:
   www.equifaxsecure.com.
   You can see the details of this CSR via the command:

     $ openssl req -noout -text -in server.csr

6. Submit your CSR to Equifax Secure by clicking on Continue; you
   will be asked to complete the agreement and the enrollment form
   as well.

Apache + Mod SSL Web Server Certificate Installation Instructions

If you already have a properly operating Apache+Mod
SSL+OpenSSL Web server, these instructions will enable you to
configure your server to use your Equifax eBusiness certificate:

1. Shut down your Apache server. This is normally accomplished
   via the "apachectl stop" command. For example:

     /usr/local/apache/apache_1.3.9/bin/apachectl stop

2. Copy the contents of "Your_Web_Server_Certificate.txt" into the
   file identified by the "SSLCertificateFile" directive in your Apache
   "httpd.conf" file. Be sure to copy the entire certificate contents from
   the "-----BEGIN CERTIFICATE-----" up to and including the
   "-----END CERTIFICATE-----" lines.

3. Edit your Apache "httpd.conf" file and perform the following:

   a. Locate the "SSLCACertificatePath" directive and remove the
      leading "#" from the line. If no "#" exists you should not have to
      change the line.
   b. Locate the "SSLCACertificateFile" directive and remove the
      leading "#" from the line. If no "#" exists you should not have to
      change the line.
   c. Save the changes and exit the editor.

4. Copy the contents of "Equifax_Secure_eBusiness_Certificate.txt"
   into the file identified by the "SSLCACertificateFile" directive in your
   Apache "httpd.conf" file. Be sure to copy the entire certificate
   contents including the "-----BEGIN CERTIFICATE-----" and
   "-----END CERTIFICATE-----" lines.

5. Restart your Apache server. Be sure to use the "startssl" option
   on the "apachectl" command line. For example:

     /usr/local/apache/apache_1.3.9/bin/apachectl startssl

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
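
Steps 2 and 4 of the installation instructions above depend on the pasted certificate text being complete, from the BEGIN line through the END line. The following is an added example, not part of the original post or of the Equifax instructions: a Python check that a pasted PEM file has intact BEGIN/END lines and that the decoded DER has not lost any lines. The function names are hypothetical and the sample data is constructed filler, not a real certificate.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, END line (LF or CRLF line endings).
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----", re.S)

def der_declared_length(der):
    """Total size (header + content) that the outer DER SEQUENCE claims."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded body is not a DER SEQUENCE")
    if der[1] < 0x80:                  # short form: length fits in one byte
        return 2 + der[1]
    n = der[1] & 0x7F                  # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length header")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem(text, label="CERTIFICATE"):
    """Return a list of problems in a pasted PEM file; empty means it looks intact."""
    blocks = PEM_RE.findall(text)
    if not blocks:
        return ["no complete BEGIN/END pair found"]
    problems = []
    for i, (begin, body, end) in enumerate(blocks, 1):
        if begin != label or end != label:
            problems.append(f"block {i}: label {begin!r}/{end!r}, expected {label!r}")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
            claimed = der_declared_length(der)
        except ValueError as exc:      # binascii.Error is a ValueError subclass
            problems.append(f"block {i}: {exc}")
            continue
        if claimed != len(der):
            problems.append(f"block {i}: DER claims {claimed} bytes, file has {len(der)}")
    return problems

def make_sample_pem(label="CERTIFICATE"):
    """Constructed sample: a 203-byte DER SEQUENCE of filler, not a real certificate."""
    der = b"\x30\x81\xc8" + bytes(range(200))
    return (f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}"
            f"-----END {label}-----\n")

if __name__ == "__main__":
    print(check_pem(make_sample_pem()))
```

This only checks that the paste is structurally complete; it does not validate the certificate's contents or signature.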