Setup apache with a self-signed SSL/TLS-certificate: Difference between revisions
(Created page with " ---- * Links ** http://www.akadia.com/services/ssh_test_certificate.html Category:Misc") |
No edit summary |
Line 1: | Line 1: | ||
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ <b>openssl genrsa -des3 -out server.key 1024</b> | |||
Generating RSA private key, 1024 bit long modulus | |||
.........++++++ | |||
..........++++++ | |||
e is 65537 (0x10001) | |||
Enter pass phrase for server.key: | |||
Verifying - Enter pass phrase for server.key: | |||
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ <b>openssl req -new -key server.key -out server.csr</b> | |||
Enter pass phrase for server.key: | |||
You are about to be asked to enter information that will be incorporated | |||
into your certificate request. | |||
What you are about to enter is what is called a Distinguished Name or a DN. | |||
There are quite a few fields but you can leave some blank | |||
For some fields there will be a default value, | |||
If you enter '.', the field will be left blank. | |||
----- | |||
Country Name (2 letter code) [AU]:DE | |||
State or Province Name (full name) [Some-State]:BW | |||
Locality Name (eg, city) []:Offenburg | |||
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Wurst-Wasser.net | |||
Organizational Unit Name (eg, section) []:IT | |||
Common Name (e.g. server FQDN or YOUR name) []:www.wurst-wasser.net | |||
Email Address []:usenet at wurst-wasser.net | |||
Please enter the following 'extra' attributes | |||
to be sent with your certificate request | |||
A challenge password []: | |||
An optional company name []: | |||
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ <b>mv server.key server.key.secured_with_passphrase</b> | |||
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ <b>openssl rsa -in server.key.secured_with_passphrase -out server.key</b> | |||
Enter pass phrase for server.key.secured_with_passphrase: | |||
writing RSA key | |||
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ <b>openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt</b> | |||
Signature ok | |||
subject=/C=DE/ST=BW/L=Offenburg/O=Wurst-Wasser.net/OU=IT/CN=www.wurst-wasser.net/emailAddress=usenet at wurst-wasser.net | |||
Getting Private key | |||
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ | |||
Now, make sure, mod_ssl is installed and install the certificates: | |||
cp server.crt /usr/local/apache/conf/ssl.crt | |||
cp server.key /usr/local/apache/conf/ssl.key | |||
And setup SSL: | |||
SSLEngine on | |||
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt | |||
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key | |||
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown | |||
CustomLog logs/ssl_request_log \ | |||
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |||
Then restart [[apache]] | |||
apachectl restart | |||
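Review bot: `openssl genrsa -des3 -out server.key 1024` at the top of the session creates a 1024-bit RSA key, which is below the 2048-bit minimum that current browsers and CA guidelines accept; use 2048 or more. The `openssl rsa -in server.key.secured_with_passphrase -out server.key` step then writes the key without a passphrase, and `cp server.key /usr/local/apache/conf/ssl.key` installs it with whatever permissions cp produces, so add a step that restricts the installed key to root (for example chmod 600) and say what to do with the leftover working copies. The certificate subject carries the host name only in CN; add a subjectAltName, since current clients match host names against that field. The cp targets are used as directories by the SSLCertificateFile and SSLCertificateKeyFile paths, so note that ssl.crt and ssl.key must already exist as directories.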
Latest revision as of 21:09, 7 October 2013
 WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl genrsa -des3 -out server.key 1024
 Generating RSA private key, 1024 bit long modulus
 .........++++++
 ..........++++++
 e is 65537 (0x10001)
 Enter pass phrase for server.key:
 Verifying - Enter pass phrase for server.key:
 WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl req -new -key server.key -out server.csr
 Enter pass phrase for server.key:
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:DE
 State or Province Name (full name) [Some-State]:BW
 Locality Name (eg, city) []:Offenburg
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:Wurst-Wasser.net
 Organizational Unit Name (eg, section) []:IT
 Common Name (e.g. server FQDN or YOUR name) []:www.wurst-wasser.net
 Email Address []:usenet at wurst-wasser.net
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:
 WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ mv server.key server.key.secured_with_passphrase
 WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl rsa -in server.key.secured_with_passphrase -out server.key
 Enter pass phrase for server.key.secured_with_passphrase:
 writing RSA key
 WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
 Signature ok
 subject=/C=DE/ST=BW/L=Offenburg/O=Wurst-Wasser.net/OU=IT/CN=www.wurst-wasser.net/emailAddress=usenet at wurst-wasser.net
 Getting Private key
 WroDos-MacBook-Air:Zertifikate fuer SSL heiko$
Now make sure mod_ssl is installed, then install the certificate and key:
 cp server.crt /usr/local/apache/conf/ssl.crt
 cp server.key /usr/local/apache/conf/ssl.key
And set up SSL:
 SSLEngine on
 SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
 SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
 CustomLog logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Then restart apache
 apachectl restart
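The key and certificate steps above as one non-interactive command with a 2048-bit key and a subjectAltName, followed by checks to run before copying the files into the Apache configuration directory. This is an added example, not part of the original wiki page; the function names are illustrative and OpenSSL 1.1.1 or newer is assumed for -addext.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes OpenSSL 1.1.1 or newer
# (for -addext); the function names are illustrative.

# make_selfsigned DIR FQDN [BITS]: write DIR/server.key and DIR/server.crt
# in one non-interactive step, using the subject fields shown on the page.
make_selfsigned() {
    dir=$1; fqdn=$2; bits=${3:-2048}
    (
        umask 077   # the key is stored without a passphrase: owner-only
        openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
            -keyout "$dir/server.key" -out "$dir/server.crt" \
            -subj "/C=DE/ST=BW/L=Offenburg/O=Wurst-Wasser.net/OU=IT/CN=$fqdn" \
            -addext "subjectAltName=DNS:$fqdn"
    )
}

# cert_rsa_bits CRT: print the size of the certificate's RSA key in bits.
cert_rsa_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# key_matches_cert KEY CRT: succeed only if both hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_pair KEY CRT: report problems; status 0 only if every check passes.
check_pair() {
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    size=$(cert_rsa_bits "$2")
    [ "${size:-0}" -ge 2048 ] || { echo "FAIL: RSA key is ${size:-?} bits (< 2048)"; rc=1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate has expired"; rc=1; }
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: key is accessible to group or other"; rc=1; }
    return $rc
}

# Usage: sh thisfile.sh DIR FQDN   (generates the pair, then checks it)
if [ "$#" -eq 2 ]; then
    make_selfsigned "$1" "$2" && check_pair "$1/server.key" "$1/server.crt"
fi
```

Running check_pair against the files produced by the session above would report the 1024-bit key.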