Skip to main content

How to Setup a GoDaddy SSL Certificate on CentOS/RHEL

Ok. Let's just get down to the knitty gritty! I was tired of searching for a tutorial. So I created this one for anyone else that wants/needs to setup an SSL asap within an hour!!!

1. Go to GoDaddy and grab an SSL Certificate. If you are a business or you do transactions and eCommerce and you have a registered business you actually pay taxes for. Use the Extended SSL.

NOTE: Thawte, Verisign, GlobalSign, Comodo sell SSL Certificates. Don't waist money! Use GoDaddy.

Steps to Get SSL Certificate:
1A. Buy the SSL Certificate!  http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8979


1B. Create the SSL Certificate - THIS STEP IS AFTER CREATING THE SERVER!

2. Build a server on your favorite Virtualization platform. Rackspacecloud is the best out there at this time and the most user friendly. There are a ton of other's, but either their UI is trash, their customer service sucks or they price gauge the mess out of you. If you are a company, use Rackspacecloud or Terremark's vCloudExpress. Both UI (User Interface)'s are great, simple, quick and easy to use.

NOTE: If you have to spend more than 10 minutes trying to figure out how to use their service. Drop them...it is a tell-tale sign of things to come if something breaks! eh..hmm...AmazonEC2..GoGrid...

3. Build your CentOS 5.5, Ubuntu LTS 10.04 or Red Hat Enterprise Linux 5.5 Server or even...uh...I hate to say it...Windows...geez...who would do that anyway?!!!.


4. Open a Terminator or Terminal Session (Ubuntu/CentOS/RHEL/Fedora) or Putty/SecureCRT for Windows Lovers.

[root@ssldemo ~]# ssh -X root@199.199.199.199

Authenticate with your root password and your in!

5. Update and upgrade your system! 
yum -y upgrade

6. Install the following packages. 
yum -y install mod_ssl httpd screen unzip

7. Change Your hostname, /etc/sysconfig/network file and /etc/hosts
hostname ssldemo.demo.com

vi /etc/sysconfig/network
HOSTNAME=ssldemo.demo.com

/etc/hosts
199.199.199.199 ssldemo ssldemo.demo.com

8. Now...restart your networking.

service network restart
/etc/init.d/network restart
If you are super paranoid!!!... init 3 ; init 5 or...even harsher... reboot

9. Create your .crt and .key files

Why Create the Wheel!!!! Links attached. 
Open a new Window if you have a dual monitor and just knock this out.

10. Cat your demossl.crt file and copy it to upload to GoDaddy to create your SSL certificate.

-----BEGIN CERTIFICATE-----
GobblygoopGobblygoopGobblygoopGobblygoopGobblygoopGobblygoopGobblygoop
GobblygoopGobblygoopGobblygoopGobblygoopGobblygoopGobblygoopGobblygoop
GobblygoopGobblygoopGobblygoopGobblygoopGobblygoopGobblygoopGobblygoop
YougetthepointYougetthepointYougetthepointYougetthepointYougetthepoint
YougetthepointYougetthepointYougetthepointYougetthepointYougetthepoint
-----END CERTIFICATE-----

11. Upload the certificate data and then download it. (Extended SSL will take time, but you can use your Turbo SSL Certificate while you are awaiting authorization verification from GoDaddy. They will call and they will check your company.)

12. Copy Your ssldemo.crt.zip file to the server (Apache 2.x)

scp /location/of/ssldemo.crt.zip  root@199.199.199.199:/etc/pki/tls/certs/
unzip your uploaded files
unzip ssldemo.crt.zip
copy or make sure that your ssldemo.crt and gd_bundle.crt is in /etc/pki/tls/certs
copy of make sure your ssldemo.key (remember that little tutorial? yeah..you need that file buddy) 
The .key file needs to be in /etc/pki/tls/private/

13. Modify the SSL Location of the .crt and .key files in ssl.conf
vi /etc/httpd/conf.d/ssl.conf
/Server Certificate (This is how you search in case you are wondering or non-vi user.
SSLCertificateFile /etc/pki/tls/certs/ssldemo.crt
SSLCertificateKeyFile /etc/pki/tls/private/ssldemo.key
SSLCACertificateFile /etc/pki/tls/certs/gd_bundle.crt

NOTE: Just comment # out the defaults. Do not delete them. You never know if you jack something up. You can go back and fix it. Make sure you backup the file also.  If you delete it, Google.com/Linux may not save you!

14. Restart httpd/Apache
service httpd restart
type in the passphrase and you are now good to go!


15. Make sure port 443 is in /etc/sysconfig/iptables and restart iptables
service iptables restart










Popular posts from this blog

How to Configure HP ILO 4 for Active Directory Login

1. Make sure that your Windows Active Directory Domain Controller has an SSL Certificate to support port 636 (HP's authentication doesn't like 389)

2. Use Softerra LDAP Administrator (or whatever is your preferred tool to get the OU path) if you don't know how to do it by heart (which...um...sometimes its better to verify).

3. Make sure that you have a way to authenticate users by adding in the OU where your restricted accounts are located. You don't want anyone in the domain to be able to login to the server.

ILO Login > Administration > User Administration - Click New and Add the Group DN Only:



Click Add Group and then you will see your group added. (*Make sure it's a security group)


4. Add in your Windows Active Directory DC to authenticate against (Verified against 2008R2):

ILO Login > Administration > Security - Directory (*Make sure it's the OU where the security group is)


5. Sign Out (Log off) and then Log Back in (If you don't see Direct…

How to Fix /storage/core filesystem Out of Disk Space Error on VCSA 6.0U1

How to fix the error of "The /storage/core filesystem is out of disk space or inodes"


Step 1: Login to the new VCSA 6.0U1 HTML5 web client. https://ip address:5480



Step 2: Enable SSH and Bash Shell
Step 3: Login as root and type "shell" at Command> shell
Step 4: df -h (Check if it's out of space)
/dev/mapper/core_vg-core               50G   50G     0 100% /storage/core
Step 5: Stop the services of VCSA: 
hostname: # service vmware-vpxd stop hostname: # service vmware-vpxd status (make sure it is stopped)
Step 6:  cd /storage/core
Step 7: rm -rf *.tgz (be CAREFUL...do this in the wrong directory and you will be retrieving from a backup.)


If you need help. Go to Cybercity (http://www.cyberciti.biz/faq/delete-all-files-folder-linux/
Step 8: service vmware-vpxd restart

Step 9: history -c
Step 10: Refresh the browser (https://ip address:5480). Now it's all green


VMware KB: (

How to Configure BGInfo for Windows Server 2012 R2

FYI: It's not hypervisor specific and works fine for physical servers also.
Download BGINFO from Microsoft Downloads Only
http://technet.microsoft.com/en-us/sysinternals/bb897557

1. Create a folder named bginfo under C:\bginfo
2. Extract all of the contents of bginfo to that folder.
3. Open Bginfo and setup your configurations.


*Custom configurations can be found here thanks to Shay Levy: http://blogs.microsoft.co.il/scriptfanatic/2008/07/22/bginfo-custom-information/

4. Once you have completed your custom configurations. Click on File Save As and save your .bgi configuration to C:\bginfo (Don't bother saving to C:\Windows\System32\* SysPrep and Imaging will strip and mess up any settings so don't bother) *Do NOT just clone your VM's!!


5. After you have saved your configuration. Create a batch file named whatever and add the following to the first line (*whatever you named the .bgi file is what you put second after the bginfo.exe path):


6. In case you forgot how. Enable…