Updating Apache using Cpanel EasyApache Published: Jun 07, 2004
  • Rating

    3/5

Setup SSL Tutorial teaches you how to generate and setup a SSL certificate. Assuming you have apache and openssl installed, you would like to generate and setup an SSL certificate for a domain and generate a CSR

Setup SSL Tutorial teaches you how to generate and setup a SSL certificate.
Assuming you have apache and openssl installed, you would like to generate and setup an SSL certificate for a domain and generate a CSR.

Generating RSA & CSR (Signing Request)

[root@yupapa root]#
[root@yupapa root]# cd /etc/httpd/conf/ssl.key

OPTION 1: Generating a RSA private key without a passphrase (ME recommended)
[root@yupapa /etc/httpd/conf/ssl.key]# openssl genrsa -out MYdomain.com.key 1024

OPTION 2: Generating a RSA private key with a passphrase. You will be prompted to enter a passphrase right after you hit enter.
[root@yupapa /etc/httpd/conf/ssl.key]# openssl genrsa -des3 -out MYdomain.com.key 1024

You should NOT generate the RSA private key with a passphrase if you have scripts that restart apache automatically. If you have, then apache just sit there and wait for the script to input the passphrase which is a mess!
There is a method that you can disable the passphrase to prompt when you restart apache which I'll show you later~

Next generate the CSR using the RSA Private Key

[root@yupapa /etc/httpd/conf/ssl.csr]# openssl req -new -key MYdomain.com.key -out MYdomain.com.csr
[root@yupapa /etc/httpd/conf/ssl.csr]# mv MYdomain.com.csr ../ssl.csr

You will be asked to enter your Common Name, Organization, Organization Unit, City or Locality, State or Province and Country.
Do not enter these characters '< > ~ ! @ # $ % ^ * / ( ) ?.,&' because they will not be accepted.

Common Name: the domain for the web server (e.g. MYdomain.com)
Organization: the name of your organization (e.g. YUPAPA)
Organization Unit: the section of the organization (e.g. Sales)
City or Locality: the city where your organzation is located (e.g. Flanders)
State or Province: the state / province where your organzation is located (e.g New Jersey)
Country: the country where your organzation is located (e.g US)

You may be asked for emeow address and challenge challenge password. I just hit enter when I generate the csr~

Now you should have:
/etc/httpd/conf/ssl.key/MYdomain.com.key
/etc/httpd/conf/ssl.csr/MYdomain.com.csr

Make a backup copy of your private key! If you lose it, you have to purchase a new cert!

Now you should submit your csr and they will mail you the certificate.


Installing the Certificate for Apache

[root@yupapa root]# cd /etc/httpd/conf/ssl.crt

Copy the certificate that they mailed you to MYdomain.com.crt
Open your httpd.conf file and place the following to your virtualhost


<VirtualHost 123.456.789.123:443>
... some config like DocumentRoot , etc..
SSLEngine  on
SSLCertificateFile /etc/httpd/conf/ssl.crt/MYdomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/MYdomain.com.key
</VirtualHost>

Restart apache
OPTION 1 [root@yupapa /etc/httpd/conf/ssl.crt]# apachectl restart
OPTION 2 (using the sh script) [root@yupapa /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart


You may be asked to enter the passphrase IF you generated the RSA with a passphrase. If you do NOT want to be asked for a passphrase when restarting apache, re-generate your RSA key file.
[root@yupapa /etc/httpd/conf/ssl.crt]# cd ../ssl.key
[root@yupapa /etc/httpd/conf/ssl.key]# mv MYdomain.com.key MYdomain.com.key.has-passphrase
[root@yupapa /etc/httpd/conf/ssl.key]# openssl rsa -in MYdomain.com.key.has-passphrase -out MYdomain.com.key

And then restart apache again
[root@yupapa /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart

Now you should be able to access https://MYdomain.com ~ And Finally make sure those directories and files are only writable and readable by root!

Written by YUPAPA - http://www.yupapa.com

  • Rating

    3/5

Related Articles

Comments (10)

  • Gravatar - Steve
    Steve 00:37, March 22, 2005
    Geat tutorial, thanks!
  • Gravatar - perdana
    perdana 16:57, April 6, 2005
    hey....who r u....<br />
    am perdana from indonesian<br />
    to the point....<br />
    am dizy for cpanel ver9x<br />
    am nedded your help...<br />
    plz send to my email...<br />
    am waiting
  • Gravatar - alec
    alec 11:10, May 3, 2006
    Fab! Many thanks, saved my arse! easy to follow, simple to do!<br />
    <br />
  • Gravatar - Patrick
    Patrick 12:40, May 16, 2006
    Whenever I put /scripts/easyapache into my ssh window, easy apache auto executes and I never get to select what option I want. What gives?<br />
    <br />
    And is there a way around this happening?<br />
    <br />
    Thanks
  • Gravatar - Cristian
    Cristian 09:42, July 26, 2006
    This is a good tutorial.<br />
    Easy to follow
  • Gravatar - Wade
    Wade 06:15, October 15, 2006
    if you don't see the "options" selection and it just goes into building apache, you might need to delete the /home/cpapachebuild directory and files, and you might also need to use upcp -force FIRST. <br />
    <br />
    I had this problem but did the above and it worked.
  • Gravatar - Shanx
    Shanx 06:06, June 18, 2007
    Instead of doing it in the console, it's much better to simply use the WHM interface. It shows everything that can be set or unset, and works without unpredictable results on different platforms. Look for "Upgrade Apache" on the left hand side frame menu.
  • Gravatar - Baby
    Baby 06:03, April 30, 2008
    Upgare Apache On Cpanel<br />
    hello dears,<br />
    i have a problem with me apache and the site's settings.<br />
    my apache version is very old and i want to upgrade with the<br />
    apache 2.2,but i have a little information to do that<br />
    if there is no problem please tell me how can i upgrade my apache with cpanel manager(explain step by step)<br />
    and my server's operation is linux.<br />
    another question is: when i design a php e-mail sender and i send an e-mail to<br />
    another mail in the diffrent server when i recive that and check it , it was from another server<br />
    but the user be same, for example: my e-mail : baby@server.com but i recive babay@victim.com
  • Gravatar - Mike Spears
    Mike Spears 15:15, June 8, 2008
    Great Tutorial!<br />
    Very easy to follow.
  • Gravatar - santosh
    santosh 18:07, September 15, 2009
    Great

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2017 WebHostGear.com