Académique Documents
Professionnel Documents
Culture Documents
System Requirements
This guide assumes that you are running a recent version of the Apache web server software and that the required SSL components are installed, including OpenSSL and either ModSSL or Apache-SSL. Many Apache distributions, as well as UNIX/ Linux distributions that include Apache, are already configured with these prerequisites. This guide assumes that you are using ModSSL, although Apache-SSL is substantially similar and Thawte does not recommend one over the other.
Note
It is not required to use a pass phrase, but we recommend that you do so. Although it is less convenient, it helps ensure the security and privacy of your private encryption key. You should immediately make a backup copy of the key file, and document the pass phrase. If you lose or cannot access your private key, you cannot use the certificate you obtain from Thawte. You can back up the key file by simply copying it to a safe location, such as a removable drive: Cp domainname.key path-to-removable-disk
Resource
You can learn more about these SSL components at:
Begin your test certificate request at https://ssl-certificate-center. thawte.com/process/retail/thawte_trial_initial. You will be asked to copy and paste your CSR into the text area provided be sure to copy and paste the entire request, including the dashes and the BEGIN and END lines. The test certificate will be generated automatically, and you will be able to see it on the resulting page. Save it to a text file called domainname.crt.
Note
If you have not yet configured SSL in Apache, we recommend doing so prior to requesting a test or trusted certificate. SSL configuration is covered later in this guide.
Note
If you have generated more than one CSR, you may need to
Figure 1: A sample CSR text file.
check a CSR before pasting it into Thawtes web site. Doing so helps ensure that you paste the correct CSR. To verify a CSR, run. openssl req text noout in filename.csr Detailed instructions for obtaining a trusted Thawte SSL certificate can be found at: https://search.thawte.com/support/ ssl-digital-certificates/index?page=content&id=SO5905. During the identity verification process, you can check the status of your request at http://www.thawte.com/log-in/index.html, and you can always contact the customer service representative assigned to your request with any other questions.
Configuring SSL
Prior to installing any certificate, you will need to configure your Apache web server. Directives are used to tell Apache exactly how it should behave and how certain content is handled. ModSSL provides the directives used to configure SSL support in Apache. The following are the most frequently used directives:
Note
For consistency, we recommend saving the file using a filename such as domainname.crt; this helps easily match the .key, .csr, and .crt files if you follow this naming convention consistently. You will also be asked for the PEM pass phrase that you used to secure your private key. Be sure to carefully check all the information you provide because this information is what Thawte will verify before issuing your certificate. The generated CSR file is a simple text file, containing something like the sample that Figure 1 shows.
You can view the certificate details by running this command: Openssl req text noout in domainname.crt The output will include the certificates validity period, issuer, owner, fingerprint, and other information. Your certificate can only be used in conjunction with the private key you created originally. If you lose access to the private key file, the certificate is useless. Certificates and private keys are matched pairs; without one, you cannot use the other.
an https request, the host headers themselves are encrypted; the server cannot use them to route traffic to a particular virtual host. Once SSL has been installed and configured, you typically must restart the entire server, not just Apaches daemon.
Useful Links
You may find the following URLs to be useful:
Protect your business and translate trust to your customers with highassurance digital certificates from Thawte, the worlds first international specialist in online security. Backed by a 17-year track record of stability and reliability, a proven infrastructure, and world-class customer support, Thawte is the international partner of choice for businesses worldwide.
2013 Thawte, Inc. All rights reserved. Thawte, the thawte logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Thawte, Inc. and its subsidiaries and afliates in the United States and in foreign countries. All other trademarks are property of their respective owners.