How to create an SSL certificate on Openshift for GoDaddy
Openshift makes it really easy to install both SSL and use a custom domain. The first step is to upgrade your Openshift to Bronze so that you can gain access to the SSL form feature.
The first thing you'll want to do is ensure that you've installed Red Hat's command-line tool using these instructions.
Logging into your Openshift app
SSH into Openshift app
rhccommand to log into your app.
rhc ssh -a <app name> --namespace <namespace>
Your --namespace is usually the name right after you create your app. For example:
If you'd like to understand more about the Openshift file structure, here is an excellent diagram.
Create an SSL certificate for Godaddy.
Before you generate a CSR, you need to first generate a private key. This private key will be installed on the server together with the issued certificate. A private key should never be shared with anyone and should be protected by a passphrase. There are two ways to generate the CSR and private key.
The following command will generate a 2048 bit RSA Private Key and stores it in the file appName.key.
openssl genrsa -des3 -out myApp.key 2048
After you have generated the private key, use the following command to generate the CSR.
openssl req -new -key myApp.key -out myApp.csr
If you don’t care about protecting your private key with a passphrase, you can just use the simpler command to generate both the key file and the CSR.
openssl req -nodes -newkey rsa:2048 -keyout myApp.key -out myApp.csr
However, if you use the simpler command, your private key won’t be encrypted. To prevent your private key from getting abused, you should always use a passphrase to “lock it”.
You will be prompted to enter the some of the following information in order to generate the private key and CSR pair off the web server
Country Name (2 letter code) [XX]:COUNTRY
State or Province Name (full name) :STATE INITIALS
Locality Name (eg, city) [Default City]:CITY NAME
Organization Name (eg, company) [Default Company Ltd]:YOUR COMPANY NAME
Organizational Unit Name (eg, section) :I SKIP THIS
Common Name (eg, your name or your server's hostname) :www.domain.com
Email Address :email@example.com
Once the private key and CSR files are generated, you can use the following command to display the content of
myApp.csrfile. Copy the entire block, including the BEGIN and END lines and paste it into where the CSR is requested on the website where you purchased the SSL.
Download your private key file and save it as
myApp.keyon your computer. Later, you will need to add this key file together with the SSL certificate for your domain to your application.