This page describes in detail the steps needed before you can order a Telia Company SSL Server Certificate when your web server is running Apache.
APACHE (mod_ssl and openSSL)
STEP 1. CREATING THE KEY
The key and the CSR are created with the openSSL program. The program is included in the openSSL package.
- Change the directory to e.g. cd /usr/local/ssl/
- Create the private key with the command: openssl genrsa -out MyServer.key 2048
STEP 2A. CREATING THE CERTIFICATE REQUEST (CSR)
- Create the certificate request (CSR) with the command: openssl req -new -utf8 -key MyServer.key -out MyServer.csr
- Enter the required information for your certificate request
- Please note: OpenSSL shows the following prompt when it asks for the Common Name:
Common Name (eg, YOUR name) []:
Do not enter your own name; fill this in with either a Fully-Qualified Domain Name or a private name for the server (eg. www.domain.com) or a wildcard name (eg. *.domain.com)
- Do not enter anything for the 'extra' attributes (challenge password and optional company name); leave them empty
- Copy the content of MyServer.csr on the order page. Make sure that the request does not contain extra characters or blank rows
- Copy MyServer.key to the /usr/local/ssl/private directory
- Copy MyServer.csr to the /usr/local/ssl/csr directory
- Order your certificate using Telia Company SSL Order
STEP 2B. CREATING A MULTIDOMAIN CERTIFICATE REQUEST (CSR)
- Make an openssl.cnf file for creating the multidomain certificate request. An example of the file can be found here
- Replace example file details with your own details
- Create the multidomain certificate request (CSR) with the command: openssl req -new -utf8 -key MyServer.key -out MySANServer.csr -config openssl.cnf
- Copy the content of MySANServer.csr on the order page. Make sure that the request does not contain extra characters or blank rows
- Copy MySANServer.key to the /usr/local/ssl/private directory
- Copy MySANServer.csr to the /usr/local/ssl/csr directory
- Order your certificate using Telia Company SSL Order
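The key and multidomain request from STEP 1 and STEP 2B, followed by local checks to run before pasting the CSR on the order page. This is an added example, not Telia Company's example file or script: the openssl.cnf contents, the example.com hostnames, the organisation values and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: STEP 1 + STEP 2B with local checks before ordering.
# Hostnames, organisation and country below are constructed placeholders.

make_san_csr() (            # subshell body: umask and cd stay local to the call
    umask 077               # private key readable by its owner only
    cd "$1" || exit 1
    cat > openssl.cnf <<'EOF'
[ req ]
prompt             = no
utf8               = yes
distinguished_name = dn
req_extensions     = v3_req
[ dn ]
C  = FI
O  = Example Oy
CN = www.example.com
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = www.example.com
DNS.2 = shop.example.com
DNS.3 = example.com
EOF
    openssl genrsa -out MyServer.key 2048 2>/dev/null &&
    openssl req -new -utf8 -key MyServer.key -out MySANServer.csr -config openssl.cnf
)

csr_signature_ok() {        # CSR self-signature verifies, so the file is intact
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

csr_sans() {                # prints one requested DNS name per line
    openssl req -in "$1" -noout -text | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

key_matches_csr() {         # $1 = key, $2 = CSR: both carry the same public key
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl req -in "$2" -noout -pubkey)" ]
}

csr_paste_clean() {         # only PEM header, base64 rows and footer; no blank rows
    awk 'NR == 1 { ok = ($0 == "-----BEGIN CERTIFICATE REQUEST-----"); next }
         !ended && $0 == "-----END CERTIFICATE REQUEST-----" { ended = 1; next }
         ended || $0 !~ "^[A-Za-z0-9+/=]+$" { ok = 0 }
         END { exit !(ok && ended) }' "$1"
}
```

Source the file, call make_san_csr with the working directory (e.g. /usr/local/ssl), and run the four checks on MySANServer.csr; csr_sans should list every hostname you intend to order.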
STEP 3. INSTALLING THE CERTIFICATE
- Telia Company sends a link to the customer from where the customer can retrieve the actual certificate
- Follow the instructions on the page to save the certificate on your computer e.g. under the name MyCert.crt
- Save TeliaSonera CA root certificate bundle file (TeliaSonera Root CA v1 and TeliaSonera Server CA v2) here on your computer e.g. under the name ts_root.ca
- Copy ts_server.ca to the /usr/local/ssl/crt directory, for example
- Copy your server certificate MyCert.crt to the /usr/local/ssl/crt directory
STEP 4. CONFIGURING THE SERVER
- To use the key and the certificate, you must modify the httpd.conf file
- Change the following information in the Virtual Host section:
SSLCertificateFile /usr/local/ssl/crt/MyCert.crt
SSLCertificateKeyFile /usr/local/ssl/private/MyServer.key
SSLCertificateChainFile /usr/local/ssl/crt/ts_root.ca
- Save the httpd.conf file and restart Apache.
STEP 5. BACKUP
- Copy MyServer.key, MyCert.crt, ts_server.ca and httpd.conf for backup purposes.
- Keep the backup in a safe place, because it contains the private key
RESTORE
- Copy MyServer.key, MyCert.crt and httpd.conf to the server and ensure that the following paths are correct:
SSLCertificateFile /usr/local/ssl/crt/MyCert.crt
SSLCertificateKeyFile /usr/local/ssl/private/MyServer.key
SSLCertificateChainFile /usr/local/ssl/crt/ts_server.ca
- Restart Apache