|
1. Overview
In this guide you will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
We will also touch on the role of thawte as a trusted third party and how using a thawte digital certificate can benefit your business by addressing unique online security issues to build customer confidence.
2. System Requirements
Before you can install an SSL certificate on your Apache web server you must have installed the required SSL components.
In this guide we will assume that you are using Apache with ModSSL installed.
3. Generate your Private Key
Use the OpenSSL binary to generate your private key. This will tell OpenSSL to generate an RSA private key, 1024 bits in length and to encrypt this file using the Triple DES cipher and to pipe the output to a file called www.mydomain.com.key.
You will be prompted to enter a Privacy Enhanced Message (PEM) pass phrase when generating the Private Key file as well as to enter it a second time to verify the pass phrase set.
An encrypted private key is secured with a pass phrase, and we recommend that this option be specified. Whenever the machine using this key is rebooted, or Apache is restarted, you will be prompted to enter this pass phrase.
MAKE A BACKUP COPY OF THIS KEY FILE AND ITS PASS PHRASE!
By far the most common problem users have when going through this process is related to Private Keys. If you lose or cannot access a Private Key or cannot remember the PEM pass phrase set on the Private Key file, you cannot use the Certificate we issue to you. To ensure this never happens, we advise that a backup of the Private Key file is made and that a note is made of the PEM pass phrase that is used to protect the Private Key file.
4. Generating your Certificate Signing Request (CSR)
The next step is to create a CSR (Certificate Signing Request) which you will need to provide thawte before your certificate can be issued. 5. Using a Test Certificate
This step assumes that SSL has been
To familiarize yourself with the workings of configured in Apache. a thawte certificate on an Apache server, If not, please refer to section 7 to set up you can set up a test certificate on your server configuration before using a thawte test certificate. proceeding.
While these certificates are for testing and evaluation only, they will provide encryption, but whenever an SSL session is established to your server with a test certificate installed, a warning message will be displayed. This message informs the user connecting that the certificate is not Trusted, and as such the integrity of the site cannot be guaranteed.
These certificates are intended for you to test your server configuration before you buy a Trusted certificate from a CA (Certification Authority).
They will generate errors with browsers that have not manually inserted the required root certificate.
You can get your browser to Trust that test certificate by manually inserting the required root into your browser. Follow the instructions provided in the Wizard for installing the thawte Test CA Root Certificate by clicking on: http://www.thawte.com/html/SUPPORT/keygen/servertest.crt
Our test certificates are valid for 21 days and this service comes with ABSOLUTELY NO WARRANTY!
6. Request a Trusted Certificate
thawte SSL certificates are requested online from: https://www.thawte.com/buy
During the certificate request process, you will be asked to copy and paste your CSR (Certificate Signing Request) into a text area on the online enrollment form.
Note: you will need to copy and paste the CSR, including the dashes and the full BEGIN and END line statements.
|
