Getting ssl certificates generated & signed by GoDaddy - 2009
This page assumes that you're running a Linux web server with Apache (ver 1.3.x) and OpenSSL. It's really here for my own benefit as this is an area where I really don't know - to a large extent - what I'm doing..... Since I've got shopping carts on a couple of domains I need to have a signed certificate on my secure virtual server. Setting up a secure virtual server on Apache (I'm running an older Apache version - 1.3.37) is something that I am not going to get into on this page - I am assuming, again, that you've got this much of the whole deal covered.... Too, there are tons of pages on the net which explain the syntax, pages from which you can copy and paste, etc.
A few years ago I found some scripts which, thankfully, make this whole process pretty brain-dead. The only snag I'd run into recently was that I was buying certificates at GoDaddy.com and the scripts I'd been using were designed to generate 1024-bit keys, and GoDaddy - as of 2009 - requires a minimum of 2048. I just opened the scripts and edited the relevant value(s) - they still work fine (they're now set to 4096).
Do all of this at your own risk and - of course - tar your configuration folder before you delete or overwrite anything.... I can tell you this: yesterday I hit one of my sites, got a warning that the certificate was out of date, followed the steps below, and got a new certificate from GoDaddy - zero problems after making the edits I've mentioned.
Let's go.....
First of all, download the script package:
SSL Tool Kit(4096-bit)
In the event I've done anything wrong, here's the tarball I downloaded, years ago, and used successfully over and over - however, it only generates 1024-bit keys:
1024 version
I may expand on this a bit later but, for the moment, here's a quick-step guide to getting everything working:
- Move the file you've just downloaded to your Apache configuration directory (not mandatory - just shorter paths to type if you're "in the neighborhood") and untar the rascal...
- In a shell navigate into the new directory (called "ssl_toolkit_4096") and, if necessary, chmod all of the files to 755 (executable) - the file permissions should already be ok....
- Type the following from a shell prompt:
openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 4096
- Very important: these scripts will ask you a number of questions, the answers to which are very often unimportant for them to work. However, choose a password and remember it, and the "common name" of the server must match the URL by which your secure server is called. You will be asked to enter it twice, as I recall, and it must be correct (and, obviously, the entries identical). For example, my secure server alias is called "secure.netkwik.com" - that's what I enter for these questions. One more time, the common name is the actual name of your secure server's alias - you cannot make this up, or simply enter whatever (which you can do for things like the associated email address, etc.).
- Do: ./new-root-ca.sh your.secure.server (don't be an idiot - put your actual secure alias in place of "your.secure.server"...)
- Do: ./new-server-cert.sh your.secure.server
- Do: ./sign-server-cert.sh your.secure.server
Okay - now, in my ignorance, this is what I do (I just know it works).
- Go to your apache conf folder and enter the following sub-directories: ssl.key, ssl.csr, and ssl.crt. Remove any existing files in all of these folders...
- Go back to the folder in which you generated all of your certificates, keys, etc. (the "ssl_toolkit_4096" folder) and copy the appropriately suffixed files to the corresponding folder from which we just removed everything (copy anything ending in ".key" to the ssl.key folder, and so on).
- Open your .csr file with a text editor and copy the contents; go to GoDaddy, follow the prompts to manage your SSL certificates and paste the data into the box. It will work. They will email you a link to download the signed certificates (which you then just paste to the ssl.crt folder). That's it....
HOWEVER: The GoDaddy download includes two files, the second of which I do not use, and I am not entirely sure why all of this is working without any reference, in my Apache configuration, to this file. I have virtually no idea what I am supposed to do with the gd_bundle.crt file. And everything works - in any browser (without warnings/errors) without using this thing. I am a bit confused and I am going to do some research regarding this issue....
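A small sanity-check script, added here and not part of the toolkit or of this page's original notes, for the three files before they go into the ssl.* folders: it confirms the key, CSR and certificate carry the same RSA modulus, that the certificate's common name is the hostname, and that the certificate verifies against gd_bundle.crt (GoDaddy's intermediate CA bundle, which is the file Apache's SSLCertificateChainFile directive is for; the server certificate itself goes in SSLCertificateFile). It assumes the openssl command-line tool; the file names in the example run are the ones used on this page.

```shell
#!/bin/sh
# Sanity checks on the key / CSR / certificate trio before the files go into
# ssl.key, ssl.csr and ssl.crt. Added example, not part of the toolkit; needs
# the openssl CLI. A key made with "genrsa -des3" is encrypted, so openssl will
# prompt for its passphrase whenever these functions read it.

# MD5 of the RSA modulus in a key (rsa), CSR (req) or certificate (x509):
# the three files belong together only if all three values are identical.
modulus_fp() {  # $1 = rsa|req|x509   $2 = file
    openssl "$1" -noout -modulus -in "$2" | openssl md5 | awk '{print $NF}'
}

# Subject CN of a CSR (req) or certificate (x509). GoDaddy signs what the CSR
# says, so this must be the hostname the secure site is reached by.
subject_cn() {  # $1 = req|x509   $2 = file
    openssl "$1" -noout -subject -in "$2" | sed 's/.*CN *= *//; s|[,/].*||'
}

# Does the certificate chain to a trusted root through the intermediate bundle?
# For GoDaddy that bundle is gd_bundle.crt, the file Apache expects in
# SSLCertificateChainFile (the server cert itself belongs in SSLCertificateFile).
chain_ok() {  # $1 = bundle/CA file   $2 = server certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run all three checks; prints one line per check, returns 1 on any failure.
check_trio() {  # $1 = key  $2 = csr  $3 = cert  $4 = bundle  $5 = expected hostname
    rc=0
    k=$(modulus_fp rsa "$1"); r=$(modulus_fp req "$2"); c=$(modulus_fp x509 "$3")
    if [ "$k" = "$r" ] && [ "$k" = "$c" ]; then
        echo "modulus: key, CSR and certificate match"
    else
        echo "modulus: MISMATCH (key $k / csr $r / cert $c)"; rc=1
    fi
    cn=$(subject_cn x509 "$3")
    if [ "$cn" = "$5" ]; then
        echo "cn: $cn"
    else
        echo "cn: certificate says '$cn', expected '$5'"; rc=1
    fi
    if chain_ok "$4" "$3"; then
        echo "chain: certificate verifies against $4"
    else
        echo "chain: certificate does NOT verify against $4"; rc=1
    fi
    return $rc
}

# Example run with the file names used on this page:
# check_trio secure.netkwik.com.key secure.netkwik.com.csr secure.netkwik.com.crt gd_bundle.crt secure.netkwik.com
```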
Apache 1.3.x httpd.conf edits
I edit two areas in the Apache configuration file. Obviously, the folder names and paths will vary depending upon how you've set up your server - this, simply, is what I do (and these notes are, largely, for my own reference). The first area of edits is under the heading #General setup for the virtual host and the second is a virtual host that I add at /usr/local/apache/htdocs/secure. Very simply, this is what I do - and this may vary depending upon your system and setup:
- In the General Settings Section.....
DocumentRoot "/usr/local/apache/htdocs"
ServerName secure.netkwik.com
ServerAdmin <your e-mail address>
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
Uncomment the line that looks like this: SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/secure.netkwik.com.key
Uncomment the line that looks like this: SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/secure.netkwik.com.crt
- I add a virtual server that looks like this (see highlighted areas for my edits)......