1. SSH or telnet to your server

  2. Change to the ~/etc/ directory:

    % cd ~/etc
  3. Issue the following command (FreeBSD or Solaris):

    openssl req -new
  4. Make entries as requested. Remember that common name refers to the domain name that you want to use when accessing yout site using SSL (e.g. domain.com or www.domain.com or cname.domain.com or *.domain.com)

  5. When all entries are made you will be given a CSR, it is best to make a copy of this CSR somewhere you won't lose (cut and paste to your server and to your PC preferably) because you can use this CSR to make renewals to your Cert in years to come.

  6. Your Private Key that goes with the CSR got placed into a file called privkey.pem. Copy the file into your ~/etc/ directory and name it ssl.pk.

    % cp privkey.pem ~/etc/ssl.pk
  7. The CSR you generated can now be used to obtain an SSL Certificate from a signing company, follow the directions on the signing company's site.

  8. When you have the certificate, save it in a file in your ~/etc/ directory with the name ssl.cert

    There are a few ways to do this. The easiest way is to copy and paste the certificate into a file on your PC and upload it to your server.

    NOTE: Be sure to copy the certificate exactly as you received it from the certificate authority. If the certificate gets changed in any way, you will not be able to use it.

  9. Run the following command on your private key in order to activate the key.

    % openssl rsa -in ~/etc/ssl.pk -out ~/etc/ssl.pk

    Your SSL certificate should now work.

Please note: the information on this page applies to ITS web hosting plans. It may or may not apply to other environments. If you are looking for a feature described here, or better support from your hosting provider, please consider hosting your site with ITS!

1555 N Naperville/Wheaton Road, Suite 107
Naperville, IL 60563
phone 630.420.2550
fax 630.420.2771