keytool -keysize 2048 -genkey -alias tugrulaslan.net -keyalg RSA -dname "CN=tugrulaslan.net,O=company,L=Istanbul,S=Istanbul,C=TR" -keystore keystore.jks
keytool -certreq -alias tugrulaslan.net -keystore keystore.jks -file cert_req.csr
keytool -import -alias tugrulaslan.net -keystore keystore.jks -trustcacerts -file yourdomain.com.crt
send that csr (cert_req.csr) to geotrust to generate your ssl certificate, then download the x509 certificate from geotrust
then move the certificate to /root
IMPORT SSL INTO KEYSTORE
download the certificates in x509 format
save the first server certificate as root.crt
save the last one as intermediate.crt and transfer all files to your ftp
then copy them to the domain folder
then
keytool -import -alias intermediate -keystore keystore.jks -trustcacerts -file intermediate.crt
keytool -import -alias root -keystore keystore.jks -trustcacerts -file root.crt
keytool -import -alias yourdomain -keystore keystore.jks -trustcacerts -file yourdomain.com.crt
then nano domain.xml
here replace every s1as with your domain name and start your server
export the key file
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias jkskeyalias -deststorepass password -destkeypass password
openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem
openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem
convert pem to key
openssl rsa -outform der -in key.pem -out private.key
then move the key file to /root for security
edit /etc/httpd/conf.d/ssl.conf as below
<VirtualHost _default_:443>
ServerName tugrulaslan.net
SSLProxyEngine on
ProxyPreserveHost On
ProxyPass / https://localhost:8181/
ProxyPassReverse / https://localhost:8181/
SSLEngine on
# x509 certificate from geotrust
SSLCertificateFile /root/yourdomain.com.crt
# private key exported from keytool
SSLCertificateKeyFile /root/private.key
</VirtualHost>
if you want every http request redirected to https then add the following to /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
add firewall
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
service iptables save
service iptables restart
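a check worth running before httpd is restarted, added here as an example and not part of the original notes: it confirms that the certificate and the key exported from the keystore belong together, and that the key file is not readable by group or others. the function names are made up for this example; it assumes openssl and GNU stat are installed.

```shell
#!/bin/sh
# Added example, not part of the original notes. File names follow the notes
# (yourdomain.com.crt, key.pem, private.key); function names are made up here.

# PEM public key embedded in an X.509 certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# PEM public key derived from a private key file. Tries PEM first (key.pem),
# then DER (private.key written by "openssl rsa -outform der").
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_pubkey() {
    openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null ||
        openssl pkey -inform DER -in "$1" -passin pass: -pubout 2>/dev/null
}

# 0 = certificate and key belong together, 1 = mismatch, 2 = unreadable file.
cert_matches_key() {
    _c=$(cert_pubkey "$1") || return 2
    _k=$(key_pubkey "$2") || return 2
    [ -n "$_c" ] && [ "$_c" = "$_k" ]
}

# 0 only if the key file grants no permissions to group or others.
# Assumes GNU stat (Linux), which prints the octal mode with -c %a.
key_is_private() {
    _mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$_mode & 077 )) -eq 0 ]
}

# Usage: sh check_tls_pair.sh /root/yourdomain.com.crt /root/private.key
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; exit 1; }
    key_is_private "$2" || { echo "key file is readable by group/others" >&2; exit 1; }
    echo "ok: $1 and $2 match, key permissions are restrictive"
fi
```

a mismatch here usually means the wrong alias was exported from keystore.jks or the wrong certificate file was copied to /root.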