Prepare a directory on your NearlyFreeSpeech server and move into it:
$ mkdir /home/protected/ssl $ cd /home/protected/ssl
Generate your private key and csr (certificate signing Request) file (adjust
myserver to your own domain, if desired):
$ openssl req -new -newkey rsa:2048 -nodes -keyout myserver.key -out myserver.csr Generating a 2048 bit RSA private key ...
The command will prompt you with a series of questions. Provide:
NAfor an individual.
After generation, you should have two (2) files:
|myserver.key||Private Key File|
|myserver.csr||Certificate Signing Request File|
With a purchased SSL certificate from Namecheap, start the activation process (an “Activate” button should exist for your newly purchased key). The start of the activation process will ask your for your CSR. Copy-n-paste the content from your
myserver.csr file into the input. Validate that your “Primary Domain” matches your target domain. For “Server Type”, ensure the option with
Apache is selected. Complete the confirmation process.
When your certificate moves from to , you should be able to download the certificate by going to “Details –> Download Certificate”. This will invoke a download of a ZIP file which contains the following important files:
|www_example_org.ca-bundle||The Certificate Chain|
Upload both the
crt files to your
Verify your certificate by using the following command:
$ openssl verify -untrusted www_example_org.ca-bundle www_example_org.crt www_example_org.crt: OK
Enable TLS on your site by invoking the following command:
$ cat myserver.key www_example_org.crt www_example_org.ca-bundle | nfsn -i set-tls INFO: Enabling TLS for example.org INFO: Enabling front-end HTTPS for example.org INFO: Enabling TLS for www.example.org INFO: Enabling front-end HTTPS for www.example.org INFO: Flagging canonical name as HTTPS-enabled. e4: OK (example.org, www.example.org) e3: OK (example.org, www.example.org) e6: OK (example.org, www.example.org) e5: OK (example.org, www.example.org) OK: Setup was fully confirmed.
In a few moments, your certificate should be up and running.