Document toolboxDocument toolbox

Setting up Bypass VHOSTs & URLs

Generate the Certificate Signing Request (CSR)

Log in to the sever. Root or sudo access is required.

# Change the following to your Customer ID ({CUSTOMER ID}) provided by PCR NAME="{CUSTOMER ID}" # Example # NAME="pcr" # Create the key and csr sudo openssl req -new -newkey rsa:2048 -nodes \ -keyout /etc/ssl/private/$NAME.key \ -out /etc/ssl/private/$NAME.csr \ -subj "/CN=*.$NAME.bypass/OU=Bypass/O=PCR/L=Grand Rapids/ST=Michigan/C=US" \ -addext "subjectAltName = DNS:*.$NAME.bypass, DNS:$NAME.bypass, DNS:prod.$NAME.bypass, DNS:test.$NAME.bypass" # display the csr contents sudo cat /etc/ssl/private/$NAME.csr

The CSR will look like this:

-----BEGIN CERTIFICATE REQUEST----- asdaHjCCAgYCAQAwcTEZMBcGA1UEAwwQKi50ZXN0Y3NyLmJ5cGFzczEPMA0GA1UE Cww INVALID CSR sgYDVQQKDANQQ1IxFTATBg INVALID CSR sIFJhcGlkczER MA8GA1UECAwITWljaGlnYW4xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEApLdTQdjk8lyAkCZJNOPoLLEWH2Ezwh8MZVpKQJ0pv4Ni G9gLyZxzKisk8nRB/iMfAa94jUGFqe1dpFJsTaRLJSVp7l8/gfx/psKPiwKrs3Um fDVIJqWrpRq0s8vX7T5np7j/c1t1OSmseKs+O7J0lR+prvlmiWiSOS1ZL4Uz7RtS K/F3BphrizfNNPEAd6r7Dk6uIsdf3X3/QAbdh45GPhcWGUdiLKOlaa2nkRk8TkIp pKl+d4Zx+seZynTugdLq5 INVALID CSR TiqbnavXOz2QwwgbawMyxWI17EBUDf 0tyxPST75G+W5Du/yeO8gY2jperyfhqzR6qJoQaRhwIDAQABoGgwZgYJKoZIhvcN AQkOMVkwVzBVBgNVHREETjBMghAqLnRlc3Rjc3IuYnlwYXNzgg50ZXN0Y3NyLmJ5 cGFzc4ITcHJvZC50ZXN0Y3NyLmJ5cGFzc4ITdGVzdC50ZXN0Y3NyLmJ5cGFzczAN BgkqhkiG9w0BAQsFAAOCAQEAbZX3yf/RSRb/qDlP3B90bCedb5kOAinbSqlTAFMv 86gw INVALID CSR sNI/McDhTyFEasGCTyQZQ5Sa4+psC7TsYHwhT39s0KOTue5 mD7PIwNC3VqrSeJrJrz18G/F8KXNR0QoQhbPZ7dsCWHs3nJIH5x1+pP159qIp3uq I7bHoVW8TstsHTTMWtoUlF246ClVo58fh4a+RSosnIqj4ab1s7LWpP7YDoJf6ZV1 qDuDxywgE69JRWmKachMGgH+XcK0r+3ZruI24a6oyJbGao8yeCpe -----END CERTIFICATE REQUEST-----

Send the text of the CSR (or the file located in /etc/ssl/ to PCR.

PCR will send back a Certificate File (CRT).

Place the file in the /etc/ssl/certs/ directory.

Apache Config

The Virtual Hosts for PROD & TEST must be updated for the new Certificate and ServerAlias.

Locate the .conf files. These are located here:

  • /etc/apache2/sites-available (Ubuntu)

  • /etc/httpd/conf.d (RHEL / CentOS)

pcr360_prod.conf
<VirtualHost *:443> # The ServerName should be similar to the following: ServerName pcr360.{CUSTOMER ID}.pcr.com # Add the following. Make sure to update {CUSTOMER ID} with your Customer ID. ServerAlias prod.{CUSTOMER ID}.bypass

Locate the SSL Certificate directives within the same Virtual Host and update them to reflect the new Certificate files.

pcr360_prod.conf

Once done, it should look similar to this:

pcr360_prod.conf

Update the Virtual Host for TEST. This is usually in pcr360_test.conf. 

pcr360_test.conf

Reload Apache: