ipsCA - SSL Server Certificates, IPS Certification Authority, s.l.

SSL Server Support

S/MIME Personal Support

Downloads Support

User Guides

CSR Support

Apache-SSLeay-Open SSL

Key and CSR Generation

1. The utility openssl that you use to generate the key and CSR comes with OpenSSL and is usually installed under /usr/local/ssl/bin. Select five large and relatively random files from your hard drive (compressed log files are a good start). These will act as your random seed enhancers. We refer to them as file1:...:file5 below.

2. Go to your SSL directory cd /usr/local/ssl/private

3. Generate a private key: openssl genrsa -des3 -rand file1:...:file5 1024 > www.xxx.com.key

Note: PLEASE backup your www.xxx.com.key and make a note of the passphrase

4. Go to your certs directory cd /usr/local/ssl/certs

5. Generate a CSR from your key: openssl req -new -key ../private/www.xxx.com.key > www.xxx.com.csr

Contact ipsCA
For more Information:
Email:

Phone:
+34 91 6402052

CSR Instalation

Installing a Server Certificate using Apache-SSL/OpenSSL

IPSCA will send your Server Certificate via e-mail. You will also require an intermediate certificate available here . Each certificate will look something like the following:

Copy the server certificate, including the begin certificate and end certificate lines into a text editor such as Notepad (do not use Word or another word processing program.) Make sure that the certificate appears as formatted above. In other words, make sure that the begin certificate and end certificate lines are by themselves.
Save the server certificate as a text file with a .crt file extension (e.g. www.yourserver.com.crt) to your OpenSSL certs directory, usually /usr/local/ssl/certs but this may vary depending on your particular configuration.

Step two: Install the Intermediate Certificates

You will need to install the chain certificate (intermediate) in order for browsers to trust your certificate. As well as your SSL certificate ( yourdomainname.crt) two other certificates, named IPSSERVIDORES.crt and ipsCACLASEA1.crt , they are also attached to the email from ipsCA. Apache users will not require these certificates. Instead you can install the intermediate certificates using a 'bundle' method IPS-IPSCABUNDLE.crt.

In the Virtual Host settings for your site, in the httpd.conf file, you will need to add the following SSL directives.This may be achieved by:

1. Copy IPS-IPSCABUNDLE.crt to the same directory as httpd.conf (this contains all of the ca certificates in the ipsCA chain).

2. Add the following line to httpd.conf (assuming /etc/httpd/conf is the directory mentioned in 1.), if the line already exists amend it to read the following:

SSLCACertificateFile /usr/local/ssl/private/IPS-IPSCABUNDLE.crt

If you are using a different location and certificate file names you will need to change the path and filename to reflect your server.

The SSL section of the updated httpd config file should now read similar to this example (depending on your naming and directories used):

SSLCertificateKeyFile /usr/local/ssl/certs/www.yourserver.com.key SSLCertificateFile /usr/local/ssl/private/www.yourserver.com.crt SSLCACertificateFile /usr/local/ssl/private/IPS-IPSCABUNDLE.crt

Save your httpd.conf file and restart. You can most likely do so by using the apachectl script:

Restart your Server

You are now all set to start using your ipsCA certificate with your apache-SSLeay

return to the top

� 1996 - 2003 ipsCA, IPS Certification Authority, S.L. all Rights reserved.
Our CPS summarized or complete, CRLs, Root Certificates and legal documents
can be found in our repository
Read our Privacy Policy and Terms of Use