1. Buy a Standard SSL Cert from GoDaddy
2. Make sure the whois record of the domain name is not private, and you have the access to the contact email
3. Login to Linux and enter this command:
openssl req -new -newkey rsa:2048 -nodes -keyout ca.key -out ca.csr
Enter the following information:
Passphrase: (pick a passphrase yourself and remember to mark it down)
Country Name: HK
State or Province Name: HKSAR
Locality Name: Hong Kong
Organization Name: MyHelper
Organizational Unit Name: MyHelper
Common name: my-helper.com
Email Address: [email protected]
A challenge password: (empty)
An optional company name: (empty)
4. Copy the content of ca.csr to GoDaddy and follow this instruction to request the SSL Cert from GoDaddy:
https://products.secureserver.net/products/howtoapplyturbo.htm
5. Upload domain.com.crt and gd_bundle.crt to server
6. Open ssl.conf and enter:
DocumentRoot "/var/www/vhosts/myhelper/htdocs"
SSLCertificateFile /etc/pki/tls/certs/myhelper/myhelper.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/myhelper/ca.key
SSLCertificateChainFile /etc/pki/tls/certs/myhelper/gd_bundle.crt
<Directory "/var/www/vhosts/myhelper/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
7. Stop Apache prompt for passphrase on next restart
cp /etc/pki/tls/certs/myhelper/ca.key /etc/pki/tls/certs/myhelper/ca.key.bak openssl rsa -in /etc/pki/tls/certs/myhelper/ca.key -out /etc/pki/tls/certs/myhelper/ca.key
Reference:
http://blog.yorkxin.org/2009/02/23/buying-a-turbo-ssl-cert/
http://www.mnxsolutions.com/apache/removing-a-passphrase-from-an-ssl-key.html