User Tools

Site Tools


This is an old revision of the document!

SSL Issue and Resolution

Generate 2048 Bit CSR for godaddy.

openssl req -nodes -newkey rsa:2048 -keyout -out

Above command will not ask you for password. Which is not advisable on apache startup as you need to be present to supply password.
If you need to have than simply remove “-nodes” from your command and you have password.

To check if certificate and key is matching “Match the MODULUS” in out of following command

openssl rsa -modulus -in <*.key>
openssl x509 -modulus -in <*.crt>

Read CSR using following command

openssl req -text -in <*.csr>

Find Expiring and Issue date for Certificate

openssl x509 -noout -in <*.crt> -dates

How to enable strong SSL in apache. This also help to pass PCI Compliance.

| httpd.conf
SSLEngine On
SSLCertificateFile /srv/www/conf/<*.crt>
SSLCertificateKeyFile /srv/www/conf/<*.key>
SSLCertificateChainFile /srv/www/conf/gd_intermediate_bundle.crt
SSLCACertificateFile /srv/www/conf/*.ca-bundle
SSLProtocol -all +SSLv3 +TLSv1

Test SSL Server

Thawte CA Bundle

Self Signed SSL

Generating Private Key
openssl genrsa -des3 -out 2048
Generate CSR
openssl req -new -key -out
Removing password

This is optional only require if you provide password during CSR Generation.

openssl rsa -in -out
Signing Certificate
openssl x509 -req -days 365 -in -signkey -out
ssl.1292342307.txt.gz · Last modified: 2010/12/14 10:58 by k2patel