Here is a short tutorial how to set up a Thawte SSL 123 SSL certificate (a domain-only validation SSL Certificate). In a nutshell, it takes two steps: First, you need to create your private key and the certificate signing request to request the certificate. In a second step you need to configure your web server to use the certificate.
1. Create private key and certificate signing request
To create your private key and the certificate signing request use the following command:
# sudo openssl req -newkey rsa:2048 -nodes -keyout www.your-domain.com.pem -out www.your-domain.com.csr.pem # chmod 600 www.your-domain.com.pem && chmod 600 www.your-domain.com.csr.pem
It is important to input your country code for the field “Country Name (2 letter code)” and the exact domain name (including all subdomains like www) for the field “Common Name (eg, YOUR name) “. Since the Thawte SSL 123 SSL certificate is a “domain-only validation certificate” the informations like company name or email address are irrelevant. The command creates to files: www.your-domain.com.pem (your private key) and www.your-domain.com.csr.pem (the certificate signing request). In the purchase process you will be asked for the CSR information; just copy and paste the data from your www.your-domain.com.csr.pem file:
-----BEGIN CERTIFICATE REQUEST----- [...] -----END CERTIFICATE REQUEST-----
2. Configure Apache2 web server to use the SSL certificate
After the purchasing process you will get your certificate, which look like:
-----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE-----
Just paste the data at the end of your private key file www.your-domain.com.pem. Since Thawte has upgraded their root hierarchy to 2048bit RSA Keys (more information), you need an Intermediate CA file to support old web browsers (like old versions of Internet Explorer). For the Apache2 web server you can download the file from Thawte:
# wget https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL123_CA_Bundle.pem
In your vhosts configuration the ssl options need to refer to the your certificate file and the Intermediate CA file:
ServerName www.your-domain.com SSLEngine on SSLCertificateFile /path/to/file/www.your-domain.com.pem SSLCACertificateFile /path/to/file/SSL123_CA_Bundle.pem [...]
In a last step, reload/restart your web server to activate the new configuration.