SSL Apache csr .pem .key on GoDaddy

Question

Morning guys

I have never really dealt with SSL's on an apache server. I found the domain on godaddy for my site. Downloaded the CentOS Apache zip.

This includes

1. gd_bundle .crt
2. hereismysite.crt
3. blahblah.pem

Now,the folder that currently has the SSL has

1. gd_bundle .crt
2. hereismysite.crt
3. blahblah.key

I have this rekey thing on godaddy for the CSR?

I am a little confused as to how to do this step and what to do with it?

I followed some apache instructions here after I replaced the files with the new ones. (I also just replaced the .pem info in the key). Crashed the servers all on apachectl restart so put the old ones back and restarted again

https://ae.godaddy.com/help/manually-install-an-ssl-certificate-on-my-apache-server-centos-5238

I am baffled.

Anyone able to break it down for a dummy like me?

Answer 1

To configure your site you need the following:

1. A private key
2. A public certificate
3. A CA bundle containing intermediate certs (not always required)

The zip from godaddy contains the following:

1. gd_bundle.crt - This is the CA bundle
2. hereismysite.crt - This is your sites public certificate signed by godaddy
3. blahblah.pem - This is the same as hereismysite.crt in a different format (I haven't been able to verify why they do this, maybe convenience...?)

On your server, you have:

1. gd_bundle.crt - Same as above
2. hereismysite.crt - Same as above
3. blahblah.key - Your private key. This is generated during the CSR process. If you don't have or lost this file, then you need to rekey your cert as you mentioned in your post.

To put all this together, your Apache config will look something like this:

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile "/path/to/hereismysite.crt"
    SSLCertificateKeyFile "/path/to/blahblah.key"
</VirtualHost>

See also: https://bofeng.github.io/post/godaddy-ssl-cert-nginx/