How to Generate an SSL Certificate from GoDaddy

To purchase a digital certificate, you must first generate and submit a Certificate Signing Request (CSR) to the Certification Authority (CA). The CSR contains your certificate-application information, including your public key. The CSR is generated with your Web server software, which will also create your public/private key pair used for encrypting and decrypting secure transactions.

SSL Server Certificates from Go Daddy® are compatible with all secure Web server software. CSR-generation instructions are available for the Web servers listed below.

1, Generating a Certificate Signing Request (CSR) – Apache 2.x

Follow the instructions below to generate a CSR for your Web site. When you have finished generating your CSR, copy and paste it into the CSR field on the SSL certificate-request page.

CSR-Generation Instructions
To generate a triple-DES encrypted key pair and a Certificate Signing Request (CSR), enter the following commands:

  1. cd /usr/bin/ (/your path to openssl/)
  2. openssl genrsa -des3 -out <name of your certificate>.key 1024
    Enter a passphrase when prompted to.
    openssl req -new -key <name of your certificate>.key -out <name of your certificate>.csr

e.g.,

openssl genrsa -des3 -out www.labsupplymall.com.key 1024
openssl req -new -key www.labsupplymall.com.key -out www.labsupplymall.com.csr

If you are requesting a Wildcard certificate, please add an asterisk (*) on the left side of the Common Name (e.g., “*.domainnamegoes.com” or “www*.domainnamegoeshere.com”). This will secure all subdomains of the Common Name.

Use the following reference when generating the key:

About the Distinguished Name
During the creation of the CSR, you will be prompted to provide certain information about your organization. The Web server software will use this information to create your Web server certificate’s Distinguished Name (DN). Distinguished names uniquely identify individual servers.

The distinguished name contains the following information:

Country Code: The two-letter International Organization for Standardization (ISO) format country code for the country in which your organization is legally registered.

State/Province: Name of the state, province, region or territory where your organization is located. Please enter the full name. Do not abbreviate.

City/Locality: Name of the city/locality in which your organization is registered/located. Please spell out the name of the city/locality. Do not abbreviate.

Organization: The name under which your business is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as a small business/sole proprietor, please enter the certificate requestor’s name in the “Organization” field, and the DBA (doing business as) name in the “Organizational Unit” field.

Organizational Unit: Optional. Use this field to differentiate between divisions within an organization. For example, “Engineering” or “Human Resources.” If applicable, you may enter the DBA (doing business as) name in this field.

Common name: The name entered in the “CN” (common name) field of the CSR MUST be the fully-qualified domain name for the Web site you will be using the certificate for (e.g., “www.domainnamegoeshere”). Do not include the “http://” or “https://” prefixes in your common name. Do NOT enter your personal name in this field.

Note: If you wish to apply your certificate to an intranet page, enter as the common name the name of the applicable intranet page (e.g., “intranet” or “web”). The name cannot contain periods. The absence of periods enables Go Daddy to detect that the common name refers to an intranet page.

If you are requesting a Wild Card certificate, please add an asterisk (*) on the left side of the common name (e.g., “*.domainnamegoes.com” or “www*.domainnamegoeshere.com”). This will secure all subdomains of the common name.

Note: If you enter “www.domainnamegoeshere.com” as the Common Name in your certificate signing request, the certificate will secure both “www.domainnamegoeshere.com” and “domainnamegoeshere.com,” and vice versa.
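The key and CSR steps above can also be run without prompts and checked before anything is pasted into the CA's form. The script below is an added example, not part of the original post; it differs from the commands above in using a 2048-bit key (publicly trusted CAs stopped accepting smaller RSA keys in 2014), AES-256 for the key file, and -subj in place of the interactive Distinguished Name prompts. The function names, the KEY_PASS variable and www.example.com are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. The caller exports the key
# passphrase in KEY_PASS; host name and DN values are the caller's own.

# make_csr <fqdn> <subject> <outdir>
# Writes <outdir>/<fqdn>.key (passphrase-protected) and <outdir>/<fqdn>.csr.
# The body runs in a subshell so the tightened umask does not leak out.
make_csr() (
    fqdn=$1 subj=$2 out=$3
    umask 077    # key file is created readable by its owner only
    # env:KEY_PASS keeps the passphrase off the command line and process list
    openssl genrsa -aes256 -passout env:KEY_PASS \
        -out "$out/$fqdn.key" 2048 2>/dev/null || exit 1
    # -subj supplies the Distinguished Name instead of the interactive prompts
    openssl req -new -key "$out/$fqdn.key" -passin env:KEY_PASS \
        -subj "$subj" -out "$out/$fqdn.csr"
)

# csr_matches_key <csr> <key>
# Succeeds only if the CSR carries the public half of this private key,
# which catches a CSR pasted from the wrong file before the CA signs it.
csr_matches_key() {
    csr_mod=$(openssl req -in "$1" -noout -modulus 2>/dev/null) || return 1
    key_mod=$(openssl rsa -in "$2" -passin env:KEY_PASS -noout -modulus \
        2>/dev/null) || return 1
    [ -n "$csr_mod" ] && [ "$csr_mod" = "$key_mod" ]
}

# Run as: KEY_PASS=... sh make_csr.sh <fqdn> <subject> <outdir>
# e.g. subject '/C=US/ST=Arizona/L=Scottsdale/O=Example Corp/CN=www.example.com'
# (constructed placeholder values)
if [ $# -eq 3 ]; then
    make_csr "$1" "$2" "$3" &&
    csr_matches_key "$3/$1.csr" "$3/$1.key" &&
    openssl req -in "$3/$1.csr" -noout -subject
fi
```
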

2, Copy and paste your CSR (www.labsupplymall.com.csr) into GoDaddy’s CSR text area. Follow the instructions to click a few buttons. You will then receive emails.

3, Activate your SSL certificate and download both the certificate files and the installation instructions to your computer.

4, Upload SSL certificate files to your server.

5, Remove the passphrase from your certificate’s key:

openssl rsa -in www.labsupplymall.com.key -out www.labsupplymall.com.key.nopassword

6, Edit ssl.conf file

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /home/xxx/security/www.labsupplymall.com.crt
SSLCertificateKeyFile /home/xxx/security/www.labsupplymall.com.key.nopassword
SSLCertificateChainFile /home/xxx/security/gd_intermediate_bundle.crt
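Before the restart in step 7, the two settings that matter most here can be checked from the shell: the SSLCipherSuite string (the one above starts from ALL and only reorders LOW, SSLv2 and EXP with "+", so those classes stay enabled) and the permissions on the passphrase-less key from step 5. The script is an added example, not part of the original post; the function names and the temporary sample files are constructed for it.

```shell
#!/bin/sh
# Added example, not from the original post: string-level audit of mod_ssl
# directives in the config file given as $1.

# Print the weak cipher classes an SSLCipherSuite directive leaves enabled:
# brought in by ALL or by name, and never excluded with "!".
weak_cipher_classes() {
    awk '
    tolower($1) == "sslciphersuite" {
        n = split($2, tok, ":")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t ~ /^!/) { banned[substr(t, 2)] = 1; continue }
            if (t ~ /^[-+]/) continue    # "-X" removes, "+X" only reorders
            m = split(t, part, "+")      # "RC4+RSA" means RC4 AND RSA
            for (j = 1; j <= m; j++) added[part[j]] = 1
        }
    }
    END {
        split("SSLv2 EXP LOW RC4", weak, " ")
        for (k = 1; k <= 4; k++) {
            c = weak[k]; long = (c == "EXP") ? "EXPORT" : c
            if ((("ALL" in added) || (c in added) || (long in added)) &&
                !(c in banned) && !(long in banned)) print c
        }
    }' "$1"
}

# Succeed if the SSLCertificateKeyFile named in $1 exists and grants any
# access to group or other (characters 5-10 of the ls -l mode string).
key_exposed() {
    key=$(awk 'tolower($1) == "sslcertificatekeyfile" { print $2; exit }' "$1")
    [ -n "$key" ] && [ -f "$key" ] || return 1
    [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]
}

# Constructed sample: the cipher string from step 6 and a throwaway key file.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/site.key"; chmod 644 "$dir/site.key"
    printf '%s\n' 'SSLEngine on' \
        'SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP' \
        "SSLCertificateKeyFile $dir/site.key" > "$dir/ssl.conf"
    weak_cipher_classes "$dir/ssl.conf" | tr '\n' ' '
    if key_exposed "$dir/ssl.conf"; then echo "| key readable by group/other"; fi
    rm -rf "$dir"
}
demo
```

The check reads the directive text only; what a given OpenSSL build actually offers for a string can be listed with `openssl ciphers -v '<string>'`.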

7, Restart Apache:

apachectl restart

July 16, 2008 at 3:48 pm