(2024.1) Setting up Bypass VHOSTs & URLs
- Brian Dixon
- Rob Alber
- David Engblom
Owned by Brian Dixon
Generate the Certificate Signing Request (CSR)
Log in to the sever. Root or sudo access is required.
# Change the following to your Customer ID ({CUSTOMER ID}) provided by PCR
NAME="{CUSTOMER ID}"
# Example
# NAME="pcr"
# Create the key and csr
sudo openssl req -new -newkey rsa:2048 -nodes \
-keyout /etc/ssl/private/$NAME.key \
-out /etc/ssl/private/$NAME.csr \
-subj "/CN=*.$NAME.bypass/OU=Bypass/O=PCR/L=Grand Rapids/ST=Michigan/C=US" \
-addext "subjectAltName = DNS:*.$NAME.bypass, DNS:$NAME.bypass, DNS:prod.$NAME.bypass, DNS:test.$NAME.bypass"
# display the csr contents
sudo cat /etc/ssl/private/$NAME.csrThe CSR will look like this:
-----BEGIN CERTIFICATE REQUEST-----
asdaHjCCAgYCAQAwcTEZMBcGA1UEAwwQKi50ZXN0Y3NyLmJ5cGFzczEPMA0GA1UE
Cww INVALID CSR sgYDVQQKDANQQ1IxFTATBg INVALID CSR sIFJhcGlkczER
MA8GA1UECAwITWljaGlnYW4xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEApLdTQdjk8lyAkCZJNOPoLLEWH2Ezwh8MZVpKQJ0pv4Ni
G9gLyZxzKisk8nRB/iMfAa94jUGFqe1dpFJsTaRLJSVp7l8/gfx/psKPiwKrs3Um
fDVIJqWrpRq0s8vX7T5np7j/c1t1OSmseKs+O7J0lR+prvlmiWiSOS1ZL4Uz7RtS
K/F3BphrizfNNPEAd6r7Dk6uIsdf3X3/QAbdh45GPhcWGUdiLKOlaa2nkRk8TkIp
pKl+d4Zx+seZynTugdLq5 INVALID CSR TiqbnavXOz2QwwgbawMyxWI17EBUDf
0tyxPST75G+W5Du/yeO8gY2jperyfhqzR6qJoQaRhwIDAQABoGgwZgYJKoZIhvcN
AQkOMVkwVzBVBgNVHREETjBMghAqLnRlc3Rjc3IuYnlwYXNzgg50ZXN0Y3NyLmJ5
cGFzc4ITcHJvZC50ZXN0Y3NyLmJ5cGFzc4ITdGVzdC50ZXN0Y3NyLmJ5cGFzczAN
BgkqhkiG9w0BAQsFAAOCAQEAbZX3yf/RSRb/qDlP3B90bCedb5kOAinbSqlTAFMv
86gw INVALID CSR sNI/McDhTyFEasGCTyQZQ5Sa4+psC7TsYHwhT39s0KOTue5
mD7PIwNC3VqrSeJrJrz18G/F8KXNR0QoQhbPZ7dsCWHs3nJIH5x1+pP159qIp3uq
I7bHoVW8TstsHTTMWtoUlF246ClVo58fh4a+RSosnIqj4ab1s7LWpP7YDoJf6ZV1
qDuDxywgE69JRWmKachMGgH+XcK0r+3ZruI24a6oyJbGao8yeCpe
-----END CERTIFICATE REQUEST-----Send the text of the CSR (or the file located in /etc/ssl/ to PCR.
PCR will send back a Certificate File (CRT).
Place the file in the /etc/ssl/certs/ directory.
Apache Config
The Virtual Hosts for PROD & TEST must be updated for the new Certificate and ServerAlias.
Locate the .conf files. These are located here:
/etc/apache2/sites-available (Ubuntu)
/etc/httpd/conf.d (RHEL / CentOS)
pcr360_prod.conf
<VirtualHost *:443>
# The ServerName should be similar to the following:
ServerName pcr360.{CUSTOMER ID}.pcr.com
# Add the following. Make sure to update {CUSTOMER ID} with your Customer ID.
ServerAlias prod.{CUSTOMER ID}.bypassLocate the SSL Certificate directives within the same Virtual Host and update them to reflect the new Certificate files.
pcr360_prod.conf
Once done, it should look similar to this:
pcr360_prod.conf
Update the Virtual Host for TEST. This is usually in pcr360_test.conf.
pcr360_test.conf
Reload Apache: