The SSL-enabled web app servers will be installed with test certificates. However, to run an SSL-enabled web app server in SSL mode for production (i.e. without the browser cert warning), you will need to download and install SSL certificates from a provider (i.e. Verisign, Thawte) into the folder that contains your SAMS Web Applications.
The following steps contain detailed instructions on how to create a Certificate Signing Request, which is needed when you apply for an SSL Certificate. Also included are instructions on how to convert your certificate into .pem files, which are needed for your SAMS Web Apps.
1. To create the CSR (Certificate Signing Request) use the following command from the Dos window to run openssl. Be sure to navigate to the directory where openssl.exe is located (openssl.cnf should be in the same folder). Answer the questions as indicated below, and be sure the common name given matches the subdomain of the machine where the certificate will reside.
openssl req -config openssl.cnf -new -out server.csr
Enter PEM pass phrase: yourpassphrase
Verifying password - Enter PEM pass phrase: yourpassphrase
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: yourstate
Locality Name (eg, city) [ ]: yourcity
Organization Name (eg, company) [Internet Widgets Pty Ltd]: yourcompany
Organizational Unit Name (eg, section) [ ]: yourcompanyunit
Common Name (eg, YOUR name) [ ]: yoursubdomain
Email Address [ ]:
A challenge password [ ]: yourpassword
An optional company name [ ]:
2. Create the private key with the following command. Answer the pass phrase as entered above.
openssl rsa -in privkey.pem -out key.pem
Enter PEM pass phrase: yourpassphrase
3. Submit the CSR to Verisign. When prompted for system software, choose Apache.
4. When you receive the certificate from Verisign, copy and paste the contents of the file into cert.pem.
5. Create the root.pem file with Internet Explorer. Select the Authority (Verisign) that issued the certificate and export it in Base64 (.cer) format. Rename the file to root.pem.
6. Copy the root.pem, cert.pem, and key.pem files into the same directory as the secured web applications.