How to Set up the SSL Certificate

The SSL-enabled web app servers will be installed with test certificates.  However, to run an SSL-enabled web app server in SSL mode for production (i.e. without the browser cert warning), you will need to download and install SSL certificates from a provider (i.e. Verisign, Thawte) into the folder that contains your SAMS Web Applications.


The following steps contain detailed instructions on how to create a Certificate Signing Request, which is needed when you apply for an SSL Certificate.  Also included are instructions on how to convert your certificate into .pem files, which are needed for your SAMS Web Apps.


1.  To create the CSR (Certificate Signing Request) use the following command from the Dos window to run openssl.  Be sure to navigate to the directory where openssl.exe is located (openssl.cnf should be in the same folder).  Answer the questions as indicated below, and be sure the common name given matches the subdomain of the machine where the certificate will reside.

openssl req  -config openssl.cnf  -new  -out server.csr



2.  Create the private key with the following command.  Answer the pass phrase as entered above.


3.  Submit the CSR to Verisign.  When prompted for system software, choose Apache.


4.  When you receive the certificate from Verisign, copy and paste the contents of the file into cert.pem.


5.  Create the root.pem file with Internet Explorer.  Select the Authority (Verisign) that issued the certificate and export it in Base64 (.cer) format.  Rename the file to root.pem.


6.  Copy the root.pem, cert.pem, and key.pem files into the same directory as the secured web applications.