Generate .csr and .key file
openssl req -new -newkey rsa:2048 -nodes -keyout headshots.leftlogic.com.key -out headshots.leftlogic.com.csr
Ensure the "common name" is the host you want to assign the certificate to (in my case it was headshots.leftlogic.com).
Paste the contents of the .csr file in to the .csr field in namecheap.com. Follow the authorisation emails from RapidSSL
Create the .crt file by combining the web server certificate and the imtermediate CA from RapidSSL (I've used cat
), so the file looks like this:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Save this with the extension .crt.
Create the .pem file by adding the .key file to the top of the .crt file:
cat headshots.leftlogic.com.key > headshots.leftlogic.com.pem
cat headshots.leftlogic.com.crt >> headshots.leftlogic.com.pem
Add both files to the stunnel config:
cert=/etc/stunnel/headshots.leftlogic.com.pem
key=/etc/stunnel/headshots.leftlogic.com.key
pid = /headshots-stunnel4.pid
[https]
accept = 443
connect = 9000
Restart stunnel
/etc/init.d/stunnel4 restart