Instructions for CSR:

1. Chose the domain. Eg. www.ename.ro
2. Create the private key for the chosen domain.

cd /etc/httpd/conf/ openssl genrsa -des3 -out ssl.key/www.ename.ro.key 2048

 It is recommended to keep a copy of the private key in a secure place. If you lose it, you must buy a new certificate.

3.Create CSR (certificate signing request)

openssl req -new -key ssl.key/www.ename.ro.key -out Country: RO State or Province: Bucuresti City or Locality: Sector 2 Organization: Webdev SRL Organization Unit: Departamentul Certificate Digitale Common Name: www.ename.ro Email: webmaster@ename.ro

 Do not introduce other attributes.

 Do not set "challenge password" (press enter). Otherwise, this password will be requested at every web server reset.

4. The content of the file ssl.csr/www.ename.ro.csr is sent. It must be like this:

-----BEGIN CERTIFICATE REQUEST----- MIIBzDCCATUCAQAwgYsxCzAJBgNVBAYTAlJPMRIwEAYDVQQIEwlTYXR1IE1hcmUx ... -----END CERTIFICATE REQUEST----- You can fill in the form from the site eName: https://www.ename.ro/certificate-ssl.html or you can send us an email, including the firm data, necessary for billing (the name of the company, address, telephone, fiscal code, commerce register, account, bank).

5. You will receive from us the proforma invoice and a link where you can continue the validation process. For validation you will receive an automatic call from RapidSSL and you will be asked to introduce the code from the screen on your telephone.

6. After the validation you will receive the SSL certificate. It must be saved in the ssl.crt/www.ename.ro.crt directory.

7. Edit the file /etc/httpd/conf/httpd.conf.

Check if the following lines appear (it does not matter where in the file)

AddModule mod_ssl.c Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl

 Write the following information in the apache configuration file: 

ServerAdmin webmaster@ename.ro DocumentRoot /cale/catre/site ServerName www.ename.ro SSLEnable SSLCertificateFile /etc/httpd/conf/ssl.crt/www.ename.ro.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.ename.ro.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

 8. Restart the web server with the option SSL:

service httpd stop
service httpd startssl