Wednesday, April 11, 2007

Creating SSL Certificates for Apache

Create a folder, say ssl
[root@host ~]# mkdir /root/ssl
[root@host ~]# cd /root/ssl

Creating your new private key (privkey.pem) and server.csr

It will ask you for a PEM pass phrase. Enter a pass phrase, confirm it, and remember it!
It will then ask you for several pieces of information.
The most important is the Common Name (eg, your name or your server's hostname), which must be set exactly to your hostname.

[root@host ssl]# openssl req -config /usr/share/ssl/openssl.cnf -new -out server.csr
Generating a 1024 bit RSA private key
............++++++
...................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <--- Don't type anything here. Press Enter
An optional company name []: <--- Don't type anything here. Press Enter
[root@host ssl]#

Creating the server.key file
You must enter the PEM pass phrase. The resulting server.key is written without pass phrase protection.

[root@host ssl]# openssl rsa -in privkey.pem -out server.key
Enter pass phrase for privkey.pem:
writing RSA key
[root@host ssl]#

Creating server.crt

[root@host ssl]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 1825
Signature ok
subject=/C=US/ST=Maryland/L=Annapolis/O=CompanyName/OU=Department/CN=host.domain.com/emailAddress=mailid@domain.com
Getting Private key

Now back up the old files and copy the newly created files into place

[root@host ssl]# cp /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.crt/server.crt.orig
[root@host ssl]# cp /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.key/server.key.orig
[root@host ssl]# cp server.crt /etc/httpd/conf/ssl.crt/
cp: overwrite `/etc/httpd/conf/ssl.crt/server.crt'? y
[root@host ssl]# cp server.key /etc/httpd/conf/ssl.key/
cp: overwrite `/etc/httpd/conf/ssl.key/server.key'? y

Now restart Apache

[root@host ssl]# /etc/init.d/httpd restart
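
Before the copy and restart steps above, it is worth confirming that server.key and server.crt belong together, that the key is not too short, and that the unprotected key is not readable by other users. The script below is an added example, not part of the original post; the function names, the 2048-bit minimum and the throwaway files it generates are assumptions.

```shell
#!/bin/sh
# Added example: checks to run on server.key / server.crt before copying them
# into /etc/httpd/conf/. Function names and the 2048-bit floor are assumptions.

# PEM public key derived from an unencrypted private key file.
pub_from_key() { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }
# PEM public key embedded in a certificate.
pub_from_crt() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only if both files parse and carry the same public key.
key_matches_cert() {
    k=$(pub_from_key "$1") && c=$(pub_from_crt "$2") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Key size in bits as reported in the certificate text dump.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# server.key has no pass phrase, so group/other must have no access to it.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Run all checks; print each failure and return non-zero if any failed.
preinstall_check() {   # usage: preinstall_check KEY CRT
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key and certificate differ"; rc=1; }
    bits=$(cert_key_bits "$2")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-?} bits"; rc=1; }
    key_is_private "$1" || { echo "FAIL: key readable by group/other"; rc=1; }
    return $rc
}

# Constructed sample data: a throwaway pair plus an unrelated key.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT; umask 077
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=host.domain.com" \
    -keyout "$demo_dir/server.key" -out "$demo_dir/server.crt" 2>/dev/null
openssl genrsa -out "$demo_dir/other.key" 2048 2>/dev/null

preinstall_check "$demo_dir/server.key" "$demo_dir/server.crt" && echo "pair OK"
preinstall_check "$demo_dir/other.key" "$demo_dir/server.crt" || echo "rejected"
```

Run against the real files as `preinstall_check server.key server.crt`; the 1024-bit key generated in the session above would be reported by the key-size check.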
