====== RapidSSL ======

  * https://www.sslmarket.cz
  * https://www.ssls.cz/

Pořízení SSL certifikátu a nasazení na CentOS 6.X.

https://www.rapidssl.com/buy-ssl/index.html - Secure a single domain with strong encryption in just minutes.
===== Vytvoření privátního klíče =====

Nastavit si netriviální heslo.

<code>
shell# openssl genrsa -des3 -out www.isn.cz.key 2048
</code>

<code>
Generating RSA private key, 2048 bit long modulus
.............................................+++
.............................................+++
.............................................+++
Enter pass phrase for www.isn.cz.key:
Verifying - Enter pass phrase for www.isn.cz.key:
</code>
===== Vytvoření CSR klíče =====

<code>
shell# openssl req -new -key www.isn.cz.key -out www.isn.cz.csr
</code>

<code>
Enter pass phrase for www.isn.cz.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CZ
State or Province Name (full name) []:Czech Republic
Locality Name (eg, city) [Default City]:Mlada Boleslav
Organization Name (eg, company) [Default Company Ltd]:ISN.CZ
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.isn.cz
Email Address []: postmaster@isn.cz

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
</code>

===== Export privátního klíče bez hesla =====

Pro automatické spuštění http serveru.

<code>
shell# openssl rsa -in www.isn.cz.key -out www.isn.cz-bh.key
</code>

===== HTTPD =====

<code>
<VirtualHost *:443>
  ServerAdmin postmaster@isn.cz
  DocumentRoot /var/www/html
  ServerName www.isn.cz
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/www.isn.cz.crt
  SSLCertificateKeyFile /etc/pki/tls/private/www.isn.cz-bh.key
  SSLCACertificateFile /etc/httpd/conf/ssl.crt/www.isn.cz.pem
  ErrorLog /var/log/httpd/https_isn.cz-error_log
  CustomLog /var/log/httpd/https_isn.cz-access_log common
</VirtualHost>
</code>