User Tools

Site Tools


This is an old revision of the document!

SSL Issue and Resolution

Generate 2048 Bit CSR for godaddy.

openssl req -nodes -newkey rsa:2048 -keyout -out

Above command will not ask you for password. Which is not advisable on apache startup as you need to be present to supply password.
If you need to have than simply remove “-nodes” from your command and you have password.

To check if certificate and key is matching “Match the MODULUS” in out of following command

openssl rsa -modulus -in <*.key>
openssl x509 -modulus -in <*.crt>

Read CSR using following command

openssl req -text -in <*.csr>

Find Expiring and Issue date for Certificate

openssl x509 -noout -in <*.crt> -dates

How to enable strong SSL in apache. This also help to pass PCI Compliance.

| httpd.conf
SSLEngine On
SSLCertificateFile /srv/www/conf/<*.crt>
SSLCertificateKeyFile /srv/www/conf/<*.key>
SSLCertificateChainFile /srv/www/conf/gd_intermediate_bundle.crt
SSLCACertificateFile /srv/www/conf/*.ca-bundle
SSLProtocol -all +SSLv3 +TLSv1

Test SSL Server

ssl.1286608790.txt.gz · Last modified: 2010/10/09 03:19 by k2patel