Introduction
This HOWTO cover how to generate and request a signed SSL Certificate from Start SSL for personal or non-commercial use.
Prerequisites
- GNU/Linux
- OpenSSL
Preparing Start SSL
- Create an account on StartSSL and authenticate your domain
Generate a Certificate Signing Request
Start a command window and change directory to a location where you want to generate your certificate:
IMPORTANT: if you want an encrypted key file, please remove the option -nodes from the openssl command below
Copy and paste the following into a terminal:
cat > /tmp/gencert.sh << EOF
#!/bin/sh
date=\$(date +%Y%m%d)
echo -n "Enter Common Name: "
read cn
openssl req -nodes -newkey rsa:2048 -days 365 -subj /CN=\$cn \
-out \${cn}-\${date}.csr -keyout \${cn}-\${date}.key
echo "================== Copy the following CSR ======================"
echo ""
cat \${cn}-\${date}.csr
echo ""
echo "==================== Copy the above CSR ========================"
EOF
chmod a+x /tmp/gencert.sh
Get your signed certificate
Login to StartSSL and select Do you want to order FREE certificates for personal use and non-commercial use?
Select the option Web Server SSL/TLS Certificate
If you have not validated the domain you want to get a certificate for, you need to validate that domain on StartSSL before you continue.
Enter the name or names of your website(s) in the text box on the StartSSL website.
Select the option Generated by Myself (.cer PEM format certificate)
Run the following command on your computer to generate a certificate signing request: /tmp/gencert.sh
Copy and paste the Certificate Signing Request from the output of the script you just ran into the textbox on the StartSSL website.
The certificate will be signed and you can download a zip-file with the certificate.
Your certificate is issued, please click here to download the certificate, the intermediate certificate and the root CA certificate. And you can retrieve your issued certificate at “Tool Box” – “Certificate List” at any time if you need.
unzip the downloaded zip file and then unzip the file ApacheServer.zip unzip ApacheServer.zip
Concatinate the certificates and the private key: cat 2_*.crt 1_root_bundle.crt *.key >> certificate.pem