Monday, March 3, 2008

Apache SSL Certificate Creation

# cd /usr/local/apache
# mkdir cert
# cd cert
1. Generate your own Certificate Authority (CA)
# openssl genrsa -out ca.key 4096
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
2. Generate a server key and a certificate signing request (CSR)
# openssl genrsa -out server.key 4096
# openssl req -new -key server.key -out server.csr
3. Sign the certificate signing request (CSR) with the self-created certificate authority (CA) that you made earlier
# openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# vi /usr/local/apache/conf/httpd.conf
ServerName xxx.xxx.xxx.xxx:443
Listen xxx.xxx.xxx.xxx:443
LoadModule ssl_module modules/mod_ssl.so

SSLEngine on
SSLCertificateFile /usr/local/apache/cert/server.crt
SSLCertificateKeyFile /usr/local/apache/cert/server.key

# /usr/local/apache/bin/apachectl restart
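
The script below is an added example, not part of the original post: it runs steps 1 to 3 non-interactively and then checks the result (chain, key/certificate match, key file permissions) so the checks can be done before Apache is restarted. The function names, the subject names passed with -subj and the optional key-size argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, subject names
# and the optional BITS argument are assumptions made for illustration.

make_certs() {                          # usage: make_certs DIR [BITS]
    dir=$1; bits=${2:-4096}
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077                       # new files: owner read/write only
        # CA and server get different subjects: with identical names the
        # server certificate looks self-signed and chain verification fails.
        openssl genrsa -out ca.key "$bits" &&
        openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
            -subj "/CN=Example Local CA" &&
        openssl genrsa -out server.key "$bits" &&
        openssl req -new -key server.key -out server.csr \
            -subj "/CN=www.example.test" &&
        openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
            -set_serial 01 -out server.crt
    )
}

check_certs() {                         # usage: check_certs DIR
    dir=$1
    # 1. server.crt must verify against ca.crt
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 ||
        { echo "FAIL: server.crt does not chain to ca.crt"; return 1; }
    # 2. server.key must be the key certified in server.crt
    crt_mod=$(openssl x509 -noout -modulus -in "$dir/server.crt" 2>/dev/null)
    key_mod=$(openssl rsa -noout -modulus -in "$dir/server.key" 2>/dev/null)
    { [ -n "$crt_mod" ] && [ "$crt_mod" = "$key_mod" ]; } ||
        { echo "FAIL: server.key does not match server.crt"; return 1; }
    # 3. private keys must carry no group/other permission bits
    for f in ca.key server.key; do
        case $(ls -ld "$dir/$f") in
            -???------*) ;;
            *) echo "FAIL: $f is accessible to group or others"; return 1 ;;
        esac
    done
    echo "OK: chain, key match and key permissions"
}

# Run only when a directory is given, e.g.: sh mkcert.sh /usr/local/apache/cert
# (mkcert.sh is a made-up file name for this script)
[ $# -eq 0 ] || { make_certs "$@" && check_certs "$1"; }
```

check_certs can also be pointed at a directory created by hand with the commands above; it returns non-zero on the first failed check.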

To do the same with passphrase-protected keys, follow the steps below:

# cd /usr/local/apache
# mkdir cert
# cd cert
# openssl genrsa -des3 -out ca.key 4096
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# openssl genrsa -des3 -out server.key 4096
# openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

The rest of the configuration remains the same.
