How to verify the modulus of the CSR,Private Key and Certificate

To verify that a private key matches its certificate we need to compare their modulus.

First move to the directory,where you placed your SSL certificate.

ls

To view the modulus of the CSR, use the following command:

openssl req -noout -modulus -in rbgeek_com.csr | openssl md5

Note: Please replace rbgeek_com.csr with your csr file

Next, to view the modulus of the Private Key, use the following command:

openssl rsa -noout -modulus -in rbgeek_com.key | openssl md5

The output of these commands are identical, which means that the Private Key was created using the supplied CSR.

Next, to view the modulus of the SSL Certificate, use the following command:

openssl x509 -noout -modulus -in rbgeek_com.crt | openssl md5

If everything matches (same modulus), the files are compatible.

To verify the bundle certificate with the ssl certificate, use the following command:

openssl verify -CAfile rbgeek_com.ca-bundle rbgeek_com.crt

OK indicate that the bundle certificate is compatible with SSL certificate.

EXTRA INFO: 

If we have CARoot certificate and chain certificate then we can create a bundle from it like this:

touch rbgeek_com.ca-bundle
cat rbgeekCARoot.crt >> rbgeek_com.ca-bundle
cat rbgeekServerCA.crt >> rbgeek_com.ca-bundle

Check the bundle file that it’s format is correct.

cat rbgeek_com.ca-bundle

Then verify it:

openssl verify -CAfile rbgeek_com.ca-bundle rbgeek_com.crt

Enjoy 

Hope this will help you!

How to Enable SSL in Apache2 on Ubuntu

In this tutorial, I’ll explain you that how to enable the SSL for your website under Apache2 on Ubuntu Server. For this, I’m assuming:

1. That you have a working apache2 setup on your Ubuntu Server.

2. You have correctly configured the dns records for your domain.

3. You already got a certificate from a trusted certificate authority (CA) such as Godaddy,Verisign, Comodo, etc.

Let’s verify our web server that it is up and running, before beginning this tutorial:

http://rbgeek.com

Create a directory inside the /etc/apache2/ directory,where we’ll save the private key, public key certificate and bundle certificate:

cd /etc/apache2/ 
sudo mkdir ssl

Transfer the private key, public key certificate and bundle certificate inside the /etc/apache2/ssl/ directory and verify it:

cd ssl
ls

We want to configure the apache in such a way that it’ll run on HTTPs and for this we need to enable ssl Apache2 module with a2enmod:

sudo a2enmod ssl

It will suggest you to restart apache,ignore that message for now.

Edit the ports.conf file:

sudo nano /etc/apache2/ports.conf

Ensure that port 443 is defined as follows and add the NameVirtualHost for port 443,comment other lines:

NameVirtualHost *:443
Listen 443

Open up the SSL config file:

sudo nano /etc/apache2/sites-available/default-ssl

Fill in the correct ServerAdmin email address,add the ServerName line and adjust the path in the DocumentRootline. Also make sure that we have a valid path for the SSL:


Now we need to configure the SSL site:

sudo a2ensite default-ssl

Restart the Apache service:

sudo /etc/init.d/apache2 restart

Now we should be able to connect to the server through SSL using Chrome or any other browser:



Verify the Certificate, that it’s the same that we got from a trusted certificate authority (CA) and configured:



Our Web Server is also working with http (port 80).But, we don’t want that users access it through http, we only want to access it through https. To fix this, we need to edit the /etc/apache2/sites-available/default file:

sudo nano /etc/apache2/sites-available/default

Delete everything and add a redirection:

RedirectPermanent / https://rbgeek.com/

Restart the apache2 service:

sudo /etc/init.d/apache2 restart

Now if we go to http://rbgeek.com/, it will redirect us to https://rbgeek.com/