Я сгенерировал новый закрытый ключ и csr
root@univhub:/# openssl req -out /etc/ssl/certs/univhub.csr -new -newkey rsa:2048 -nodes -keyout /etc/ssl/private/univhub.key
Generating a 2048 bit RSA private key
.............................................................+++
...............+++
writing new private key to '/etc/ssl/private/univhub.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NP
State or Province Name (full name) [Some-State]:Bagmati
Locality Name (eg, city) []:Kathmandu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Univhub Private Limited
Organizational Unit Name (eg, section) []:IT Department
Common Name (e.g. server FQDN or YOUR name) []:univhub.com
Email Address []:root@univhub.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
И моя рабочая конфигурация apache имеет следующие строки
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
#SSLCertificateFile /etc/ssl/certs/univhub.csr
#SSLCertificateKeyFile /etc/ssl/private/univhub.key
При возврате коментированных строк я получаю одну строку в журнале ошибок apache
AH00016: Configuration Failed
CSR необходимо проверить и превратить в сертификат, обычно за это вы платите компании SSL. Обычно вы покупаете сертификат и загружаете CSR, который затем возвращается как подтвержденный сертификат.