
I need to add SSL to an Apache/Linux server.

Do I have to generate the CSR on the same server to which I need to add SSL?

Also, when I add SSL to the Apache server, can I omit mentioning the key file, like below?

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile /path/to/www.example.com.cert
    SSLCertificateChainFile /path/to/DigiCertCA.crt
</VirtualHost>
MadHatter
ChamingaD

1 Answer


You do not have to generate the CSR on the server where it is going to be used, but for certificates only used on a single server, it is highly recommended that you generate the keys on the server and never let them leave that host.

You will need to let Apache know where the private key can be found, however.

Think of the private and public key as a set of unique English-Korean dictionaries.

The browser speaks English only - so does Apache.

When the browser wants to send something to Apache in secrecy, it obtains the English-Korean dictionary (the certificate/public key) from Apache and translates the secret message to Korean.

When Apache receives the secret message, it needs the Korean-English dictionary (the private key) to translate it in order to make sense of it.

Without the private key, everything sent to the web server is pure Korean and Apache won't know how to respond.

Mathias R. Jessen
    To any Korean-speaking users: I apologize in advance, I'm not trying to imply that the Korean language is weirdly padded and prone to implementation errors - It's just cryptic from an ignorant western language perspective, that's all – Mathias R. Jessen Apr 22 '14 at 11:23
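The workflow the answer recommends, as an added example that is not part of the original answer: generate the key and CSR on the web server itself, then confirm that the certificate the CA returns carries the same public key as the private key Apache will load. The function names and the target directory are assumptions made for this sketch; the hostname is the one from the question.

```shell
#!/bin/sh
# Added example. Function names and directory layout are hypothetical.

# Create a private key and a CSR for hostname $2 in directory $1.
# The key is written with owner-only permissions and stays on this host;
# only the .csr file is sent to the CA.
make_key_and_csr() {
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$1/$2.key" 2>/dev/null ) || return 1
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr"
}

# Print the PEM public key contained in a key, CSR or certificate file.
pubkey_pem() {
    case $1 in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac
}

# Print a SHA-256 digest of that public key; fail on unreadable input
# so that two broken files can never compare as equal.
pubkey_digest() {
    pem=$(pubkey_pem "$1" "$2" 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl sha256
}

# Succeed only if file $2 (type $1: csr or cert) matches private key $3.
matches_key() {
    a=$(pubkey_digest "$1" "$2") || return 1
    b=$(pubkey_digest key "$3") || return 1
    [ "$a" = "$b" ]
}

# Typical use on the server (paths are placeholders):
#   make_key_and_csr /path/to www.example.com
#   ... submit /path/to/www.example.com.csr, receive the certificate ...
#   matches_key cert /path/to/www.example.com.cert /path/to/www.example.com.key
# The VirtualHost then also needs:
#   SSLCertificateKeyFile /path/to/www.example.com.key
```

If `matches_key` fails for the issued certificate, Apache will refuse to start with that certificate and key pair, so running the check before reloading the server avoids an outage.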