Create a SSL with LxAdmin

Portal Home > Knowledgebase > Railo Hosting > Create a SSL with LxAdmin

Kloxo 2048-Bit SSL Setup.

Kloxo Currently does not support creating 2048-bit CSR's via the Planel. So we will need shell into the system to create the CSR.

1. We recommend downloading "Putty" (Windows) or "JellyfiSSH" to use to SSH into your server. Once you login as the root user we need to create a key. By default you are in the root folder of your account and we can create the key right there.

Next run this command to create the key.

# openssl genrsa -out secure.mydomain.com.key 2048

Next you want to copy the key and keep it saved for later when importing the the purchased SSL. Run this to display it and you can Highlight the output and then past it in notepad and save it for later use. (You maybe need to make your putty or terminal windows larger to see it.

# cat secure.mydomain.com.key

Here is an example

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1uNugrS6Ez8WuxEltcCY9LJIWkfGRF/zN3ObfMbj9SdFVFGv
5GTib077mFAVShh/QoCcBb7ghJYoEtbQlDP3two/CBKKuzrLtfesmxfmGOMqLTX1
kVGqDqdPvTxyrU5Ob7ket8O4GIb09aTFk2DFk0yQSUIGz60+05WMMUaUPi6nLXZa
9GTnh4SceQCsFV3RdM6PfhBx42GOvlWa2q6N9H2PlhwLLefeqVRnaquaNIAyDAGC
kcHz3Z3CzohdyH5slOHi2i8Cip5mydT3D81zOC0zK7YQIIDrl2hcK5Dt3EDOF5kZ
NdWKgnkEyB/sSJls3e8JSjZHRn/0NKOtaiDvMQIDAQABAoIBAEBE+1tqVDDHcLP4
V+/5L4YYAF3IE7uFewe9suZp0eoTmb+zQskrhzHFTKhsY0Gq+/zW3FM3mIzvIAMq
bm208US0cs+mRAnlduHwtpYYWsBcyNOGzPBunU8OqWGuv5mnzvvJQS+zAM+NJZyG
This is an example. This is an example. This is an example. This is an example.
l/uvj1RuLE0Nio1mc+BPJwSsngNYSpoTj/DrVDcCgYEAxhX6UaNJq4zZ5h0w5+II
fimf5kpswL6rBBF6GVaESpo5SbTixksOFj7h6mc0FKxCQaEG7Uqic5JksYypC2m/
DTK8WMUUEvVPpQLIpL6c1PmdXx4QzyNpImks4u21pbF0xUU9vbkaqk45XR+ipVOz
cV3ZsSA1wdHxbxfS7kq72LcCgYEA1w2vKgqWnuEv+awo0MdZmrbFr7//UowWsIn+
ltvMBuS0nhUZaPaUy/BWqKnMUH6C9TFIAFCvwTUgFNcOJjt8K8upoTu9mw/Ob8Qh
X85H+rFPIKdpHTz26QZ7dCxv/RwamfqCfxSECI/9YKq8wlS/Ccszwkq3eNawFwWG
f3ocKx8CgYBBWfkBMReaQ0YEeXHTsYHzWKu0l60Z9IPVQk0625KGdaD3nQ0Et+N7
DrJgbQ5YmZJUsBgHoyJ5VLimkxK/6yXo5DtbjsSBgAY91SZp9mkS/POnsrj9KavC
sFzBwp84SilMU1dWLg4Kai4OKrFoU4VzqF4CyJmcK+hJPu771YNPDQ==
-----END RSA PRIVATE KEY-----

Several notes about this:
- This key will not be password protected. In our experience, password protected keys are a major pain in the neck to work with because they require you to enter in a password every time you start or restart apache.
- The naming of the key can be important if you plan on having several secure domains on your account. It helps avoid confusion. For this demonstration, we'll be using the domain "secure.mydomain.com" but it could really be anything you'd like it to be.
- Last, we will be generating a 2048-bit encryption key here, but you could theoretically create one with stronger (or weaker) encryption if you'd like to. 2048-bit keys are standard.

2. Generate your CSR

Now that we've gnerated our Key, we need to generate what's called a "Certificate Signing Request" or CSR. This request is the part that SSL companies (like Geotrust or RapidSSL) need in order to provide you with a signed certificate. To generate a CSR, run the following command:

# openssl req -new -key secure.mydomain.com.key -out secure.mydomain.com.csr

You will then be asked a series of questions (example below). Go ahead and modify the answers to suite yourself:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:GB
State or Province Name (full name) [Berkshire]:London
Locality Name (eg, city) [Newbury]: London
Organization Name (eg, company) [My Company Ltd]:Your Company Name
Organizational Unit Name (eg, section) []:secure.mydomain.com
Common Name (eg, your name or your server's hostname) []:secure.mydomain.com
Email Address []:webmaster@mydomain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Note that the "Challange Password" and "optional company name" fields were left blank.

After that, you should have a nice little .csr file. To view your CSR file, run the following command:

# cat secure.mydomain.com.csr

It will return what looks like a bunch of junk... but it's actually encrypted code:

-----BEGIN CERTIFICATE REQUEST-----
MIIB+jCCAWMCAQAwgbkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
MRQwEgYDVQQHEwtXYWxsYSBXYWxsYTEbMBkGA1UEChMSVml2aW8gVGVjaG5vbG9n
aWVzMRwwGgYDVQQLExNzZWN1cmUubXlkb21haW4uY29tMRwwGgYDVQQDExNzZWN1
THIS IS AN EXAMPLE THIS IS AN EXAMPLE THIS IS AN EXAMPLE THIS IS AN EXAMPLE THIS IS AN wEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBABk2
Wz+7jAa64T3toEjCt0vK6Sxix0B5ev9dBDtX+U+tAzjIt6dghqmRYiomDoYDhoHF
sNGCmrWChgooIOYGX63SZoWPEr50vLdGsOHnj36jzvDctTfi51rew3w75THGtnRL
c60CK7/0ORrgXsLla3WkaPZRABRzQdxR47U6sxMs
-----END CERTIFICATE REQUEST-----

This is the code that you need to copy and paste into the special instructions field when you order your SSL certificate from Host Media UK.

Host Media UK will then order your SSL certificate. A verification message will need to be sent to "webmaster@mydomain.com" (the domain that is to be secured) in order to make sure we are ordering this SSL certificate at your request. You will need to verify the order as per the verification email instructions, then we will deliver the .cer file (your actual SSL certificate) to the email address that you ordered the certificate from our site with. You can also use this CSR for ordering from other places as well.

Log into Kloxo and click on teh SSL Certificate link.

Now click on the Add Upload Txt tab. Put in the name of what you want to call the Paid Certificate. Example secure.mydomain.com Next in the Certificate Section Paste in the Certificate you got from the SSL company. Next in the Key Section Paste in the Key we copied earlier to notepad. Next for the CACert section if you have the CACert go ahead and put that in. However I believe most name brand SSL's will have this info in the browsers and I don't think you have to have it. However if you have the info by all means put it in there. Or if your having problems with your browser seeing the issuing company get the info and put it in. I just worked on a comodo ssl which worked ok for IE 7 but did not work in Firefox 3 with out have the CA Certificate.

Go ahead and click add

We are not back to the list of the SSL's on the server. Click on the SSL we just added. In my case secure.mydomain.com Next in the oval box that states

To assign this ssl certificate to a particular ipaddress, click here and then go into an ipaddress, and click on ssl certificate tab, and you can set one of these certificates to a particular ipaddress. The admin will need to have assigned you an exclusive ipaddress for you to access this feature.

click on the click here link.

Next click on the IP address we are using for the site that will have the SSL. Then click on SSL Configuration Home tab. Select the SSL we are wanting to use. Then click update.

I have found that at times Apache still needs a restart to get things working right away. If you go back to Home and then down to the Server : Linux section and click on Services Then on the line that has the Name of httpd click on the last bubble on that line. It is the restart bubble. If you mouse over the bubble it will pop up with what it does.

Now go to your site Example https://secure.mydomain.com and you should be good to go.

Add to Favourites Print this Article