Dec 16, 2013
1 min read
May 27, 2023 09:13 EEST

Creation of new Key

Go to the site and verify the domain (Use the button Control Panel).

At first we set the default key size to 2048 by editing the file /etc/ssl/openssl.cnf. Change in section req default_bits to 2048.

We create on the host a new key and csr:

openssl req -new -nodes -keyout ssl.key -out ssl.csr

As common name fill the domain and do not fill the challenge password.

Go to and select new certificate and select WEB. For the private key select Skip.

Now copy the content of the ssl.csr to the website. Select the domain and fill the common name you inserted above while creating the private key.

Copy the certificate on the website in the file ssl.crt. Download the two files:


Configure apache with the following lines:

ServerSignature On
SSLEngine on
SSLProtocol all -SSLv2

SSLCertificateFile /usr/local/etc/apache22/ssl/ssl.crt
SSLCertificateKeyFile /usr/local/etc/apache22/ssl/ssl.key
SSLCertificateChainFile /usr/local/etc/apache22/ssl/
SSLCACertificateFile /usr/local/etc/apache22/ssl/ca.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

Restart apache.

Related Posts