Document toolboxDocument toolbox

(v1) Setting up Bypass VHOSTs & URLs

Generate the Certificate Signing Request (CSR)

Log in to the sever. Root or sudo access is required.

# Change the following to your Customer ID ({CUSTOMER ID}) provided by PCR
NAME="{CUSTOMER ID}"

# Example
# NAME="pcr"

# Create the key and csr
sudo openssl req -new -newkey rsa:2048 -nodes \
    -keyout /etc/ssl/private/$NAME.key \
    -out /etc/ssl/private/$NAME.csr \
    -subj "/CN=*.$NAME.bypass/OU=Bypass/O=PCR/L=Grand Rapids/ST=Michigan/C=US" \
    -addext "subjectAltName = DNS:*.$NAME.bypass, DNS:$NAME.bypass, DNS:prod.$NAME.bypass, DNS:test.$NAME.bypass"
 
# display the csr contents
sudo cat /etc/ssl/private/$NAME.csr

The CSR will look like this:

-----BEGIN CERTIFICATE REQUEST-----
asdaHjCCAgYCAQAwcTEZMBcGA1UEAwwQKi50ZXN0Y3NyLmJ5cGFzczEPMA0GA1UE
Cww INVALID CSR sgYDVQQKDANQQ1IxFTATBg INVALID CSR sIFJhcGlkczER
MA8GA1UECAwITWljaGlnYW4xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEApLdTQdjk8lyAkCZJNOPoLLEWH2Ezwh8MZVpKQJ0pv4Ni
G9gLyZxzKisk8nRB/iMfAa94jUGFqe1dpFJsTaRLJSVp7l8/gfx/psKPiwKrs3Um
fDVIJqWrpRq0s8vX7T5np7j/c1t1OSmseKs+O7J0lR+prvlmiWiSOS1ZL4Uz7RtS
K/F3BphrizfNNPEAd6r7Dk6uIsdf3X3/QAbdh45GPhcWGUdiLKOlaa2nkRk8TkIp
pKl+d4Zx+seZynTugdLq5 INVALID CSR TiqbnavXOz2QwwgbawMyxWI17EBUDf
0tyxPST75G+W5Du/yeO8gY2jperyfhqzR6qJoQaRhwIDAQABoGgwZgYJKoZIhvcN
AQkOMVkwVzBVBgNVHREETjBMghAqLnRlc3Rjc3IuYnlwYXNzgg50ZXN0Y3NyLmJ5
cGFzc4ITcHJvZC50ZXN0Y3NyLmJ5cGFzc4ITdGVzdC50ZXN0Y3NyLmJ5cGFzczAN
BgkqhkiG9w0BAQsFAAOCAQEAbZX3yf/RSRb/qDlP3B90bCedb5kOAinbSqlTAFMv
86gw INVALID CSR sNI/McDhTyFEasGCTyQZQ5Sa4+psC7TsYHwhT39s0KOTue5
mD7PIwNC3VqrSeJrJrz18G/F8KXNR0QoQhbPZ7dsCWHs3nJIH5x1+pP159qIp3uq
I7bHoVW8TstsHTTMWtoUlF246ClVo58fh4a+RSosnIqj4ab1s7LWpP7YDoJf6ZV1
qDuDxywgE69JRWmKachMGgH+XcK0r+3ZruI24a6oyJbGao8yeCpe
-----END CERTIFICATE REQUEST-----

Send the text of the CSR (or the file located in /etc/ssl/ to PCR.

PCR will send back a Certificate File (CRT).

Place the file in the /etc/ssl/certs/ directory.

Apache Config

The Virtual Hosts for PROD & TEST must be updated for the new Certificate and ServerAlias.

Locate the .conf files. These are located here:

  • /etc/apache2/sites-available (Ubuntu)
  • /etc/httpd/conf.d (RHEL / CentOS)
pcr360_prod.conf
<VirtualHost *:443>
    # The ServerName should be similar to the following:
    ServerName pcr360.{CUSTOMER ID}.pcr.com
    # Add the following. Make sure to update {CUSTOMER ID} with your Customer ID.
    ServerAlias prod.{CUSTOMER ID}.bypass

Locate the SSL Certificate directives within the same Virtual Host and update them to reflect the new Certificate files.

pcr360_prod.conf
<VirtualHost *:443>
    # ...
    SSLCertificateFile /etc/ssl/certs/{CUSTOMER ID}.crt
    SSLCertificateKeyFile /etc/ssl/private/{CUSTOMER ID}.key
    # ...

Once done, it should look similar to this:

pcr360_prod.conf
<VirtualHost *:443>
    # ...
    # SSL
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/pcr.crt
    SSLCertificateKeyFile /etc/ssl/private/pcr.key
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
    SSLHonorCipherOrder on
    # ...

Update the Virtual Host for TEST. This is usually in pcr360_test.conf. 

pcr360_test.conf
<VirtualHost *:443>
    # The ServerName should be similar to the following:
    ServerName pcr360-test.{CUSTOMER ID}.pcr.com
    # Add the following. Make sure to update {CUSTOMER ID} with your Customer ID.
    ServerAlias test.{CUSTOMER ID}.bypass

    # ...
    SSLCertificateFile /etc/ssl/certs/{CUSTOMER ID}.crt
    SSLCertificateKeyFile /etc/ssl/private/{CUSTOMER ID}.key
    # ...

Reload Apache:

systemctl reload apache2   # Ubuntu
systemctl reload httpd     # RHEL / CentOS


Help Desk Portal - Email: help@pcr.com - Phone: 616.259.9242