How to generate CSR for a Debian server?

How to generate CSR for a Debian server?

Before installation, your first task is to generate a CSR (Certificate Signing Request) code. This is the standard procedure when applying for an SSL Certificate. The CSR contains relevant details about your domain and organization which the Certificate Authority must verify before issuing you the certificate. If your Apache server is running on Debian, follow the steps below to generate your CSR code:

You’ll perform the whole CSR generation process via the secure shell (SSH) protocol. Log into your server using the SSH command
In the SSH, you need to create the CSR file and the private key for your certificate. Enter the following command at the prompt:

openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite.key -out mywebsite.csr

Note: Replace mywebsite with your real domain name. For example, if your domain name is example.com, you must enter example.key and example.csr.

Now it’s time to submit the required information about your company to the CA. Fill in the fields as shown below:

Country Name – enter the two-letter country code where your organization is officially registered. For the United States you’ll type “US”, for Canada “CA”. If you’re not sure about the abbreviation of your country, here you can find the full list of country codes.

State or Province –type the full name of the state or province where you’re legally doing business

City or Locality – again, provide the full name of the city where your company is located

Organization Name – if you bought a Domain Validation certificate, enter your full name. If you purchased Business or Extended Validation SSL, enter your organization’s legal name; for example, (GPI Holding LLC)

Organizational Unit Name – type “IT” or “Web Administration”. These departments are usually in charge of SSL management

Common Name – here you must enter the fully qualified domain name (FQDN) you want to protect; for example, google.com

Note: For a wildcard certificate, you must include an asterisk in front of your domain name; for example, *.google.com. Do not add “https” or any other characters.

Email Address – provide a valid email address

A challenge password – this in an optional attribute. If you decide to create a password, write it down or make sure to remember it (better leave blankk)

An optional company – this is another option attribute. You can add your Brand name, or leave the field blank.

Well done! Your CSR and private key files are ready. You can find them in your working directory via the “ls” command.

Now, you can copy-paste the whole CSR content in a text editor, and send it to the CA during your order process. Depending on your SSL method, you should receive the SSL certificate within minutes, or in the next couple of days.


Install an SSL Certificate on Debian

Once your SSL certificate has landed in your inbox, download the root certificate and intermediate certificate files, and save them to the Debian server, in a particular directory
Now, you have to locate and edit the Apache .config file. It usually resides in the /etc/apache2/sites-enabled/your_site_name directory. If it’s not there, find it via the sudo
a2ensite your_site_name command

Pick a text editor of your choice and open the Apache .config file

Note: To connect to your site through both HTTP and HTTPS, you need to create two separate files in the sites-enabled directory. The HTTP file will use port 80 to establish the connection, while the HTTPS one will perform the same action via port 443.

In the .config file, find the Virtual Host block. You need to edit it to make your website available only via the HTTPS.

By default, the Virtual Host block looks like this:
<VirtualHost *:443>
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/yourdomain.crt
SSLCertificateKeyFile /path/to/yourdomain.key
SSLCertificateChainFile /path/to/yourdomain.ca-bundle
</VirtualHost>
You will adjust it to your own SSL certificate details:
SSLCertificateFile – provide the location (on your server) of your SSL certificate
SSLCertificateKeyFile – specify the location (on your server) of the private key file (you created the private key file along with the CSR code)
SSLCertificateChainFile – enter the location (on your server) of your intermediate certificate/ca-bundle file.
Note 1: In the unlikely event that the SSLCertificateFile command doesn’t work, try SSLCACertificateFile instead.
Note 2: The ca-bundle file must contain the intermediate certificate (e.g. DigiCertCA.crt) followed by the root certificate (e.g. TrustedRoot.crt) – particularly in this order.
Inspect the newly configured Virtual Host block for potential typos and errors. If everything looks good, save the .config file.
Now, it’s time to add the final touches to your SSL installation. First, use the apachectlConfigtest command to scan for errors. If there’s an issue with the configuration, perform the installation steps again, from the very beginning. If there are no errors, move on to the final step
All that’s left is to restart the Apache server. Run the following commands: apachectl stop and apachectl start.
It’s done! You’ve successfully configured your SSL certificate on your Debian server. You can always check the state of your SSL installation with these excellent SSL tools.

  • SSL, certificados, debian, apache
  • 28 Korisnici koji smatraju članak korisnim
Je li Vam ovaj odgovor pomogao?

Powered by WHMCompleteSolution