Content Comparison

When the default certificate is replaced by a custom certificate, care should be taken to NOT overwrite the certificate. A new certificate is generally created, whenever the host name is modified within the Snare Central configuration wizard.

If you do NOT wish to overwrite the certificate, please ensure that you choose the option: "DO NOT regenerate the SSL browser certificate even if the server name has changed." in the "General" configuration section of the Snare Central wizard.

• Log into the Snare Central as the user 'snare'
• Run the following command:
  • openssl req -new -newkey rsa:2048 -nodes -keyout snareserver.key -out snareserver.csr
    • NOTE: Your certificate provider may support key lengths greater than 2048 bytes.
    • This command begins the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache the openssl tool.
    • When you are prompted for the Common Name (domain name), enter the fully qualified domain name for the site you are securing. If you are generating an Apache CSR for a Wildcard SSL Certificate, your common name should start with an asterisk (such as *.example.com).
    • You will then be prompted for your organizational information (including geographic location).
    • The file 'server.csr' will be created. Copy and paste the contents of this file, into the certificate order form of the organisation you will be purchasing your certificate from. You are likely to need to include the BEGIN and END sections of the content.
    • The snareserver.key file, will be required later, for certificate installation.
      • As root, place the file into the directory /etc/apache2/ssl/