Monday, 10 February 2014 21:03

Generate a self-signed 2048-bit SSL certificate for Apache

1) Generate key and signing request


fred> openssl req -new -nodes -newkey rsa:2048 -keyout yourdomain.com.key -out yourdomain.com.csr
Fill in the details:

Generating a 2048 bit RSA private key
..+++
.............................+++
writing new private key to 'yourdomain.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:State
Locality Name (eg, city) []:City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company Name
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:yourdomain.com
Email Address []:<your email address>

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

2) Sign the certificate

fred> openssl x509 -req -days 100000 -in yourdomain.com.csr -signkey yourdomain.com.key -out yourdomain.com.crt

3) Copy the key and certificate for Apache to use

fred> mkdir /etc/apache2/ssl
fred> cp yourdomain.com.key /etc/apache2/ssl/
fred> cp yourdomain.com.crt /etc/apache2/ssl/
fred> chown -R www-data /etc/apache2/ssl 
fred> chmod -R 400 /etc/apache2/ssl
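
Before configuring Apache it is worth confirming that the key and certificate from steps 1 and 2 belong together, that the certificate really is self-signed with a 2048-bit RSA key, and that the key file is not accessible to group or others. The script below is an added example, not part of the original post; the function names are my own, and it builds a throwaway pair non-interactively (-subj, 30-day lifetime) as constructed test input.

```shell
# Added example: sanity-check a key/certificate pair before Apache loads it.

# Public key (PEM) of a private key file, and of a certificate file.
pub_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_crt() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# 0 when the certificate carries the public half of this private key.
key_matches_cert() {
    k=$(pub_of_key "$1") && c=$(pub_of_crt "$2") && [ -n "$k" ] && [ "$k" = "$c" ]
}

# 0 when subject and issuer are the same name, as in a self-signed certificate.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Print the RSA modulus size in bits (output wording differs between OpenSSL versions).
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1
}

# 0 when group and others have no permission bits on the key file.
key_is_private() { [ "$(ls -l "$1" 2>/dev/null | cut -c5-10)" = "------" ]; }

# Run every check; print each failure and return non-zero if any failed.
check_pair() {   # usage: check_pair KEY CRT [MIN_BITS]
    rc=0; bits=$(rsa_bits "$1")
    key_matches_cert "$1" "$2"        || { echo "FAIL: certificate does not match key"; rc=1; }
    is_self_signed "$2"               || { echo "FAIL: issuer differs from subject"; rc=1; }
    [ "${bits:-0}" -ge "${3:-2048}" ] || { echo "FAIL: RSA key is ${bits:-0} bits"; rc=1; }
    key_is_private "$1"               || { echo "FAIL: key accessible to group/others"; rc=1; }
    return "$rc"
}

# Constructed sample input: a throwaway pair built with the two commands above,
# with -subj replacing the interactive prompts and a short 30-day lifetime.
make_pair() {   # usage: make_pair DIR NAME
    ( cd "$1" && umask 077 &&
      openssl req -new -nodes -newkey rsa:2048 -keyout "$2.key" -out "$2.csr" \
          -subj "/CN=$2" 2>/dev/null &&
      openssl x509 -req -days 30 -in "$2.csr" -signkey "$2.key" -out "$2.crt" 2>/dev/null )
}

tmp=$(mktemp -d) && make_pair "$tmp" yourdomain.com &&
    check_pair "$tmp/yourdomain.com.key" "$tmp/yourdomain.com.crt" && echo "pair OK"
rm -rf "$tmp"
```

On the real files, run check_pair /etc/apache2/ssl/yourdomain.com.key /etc/apache2/ssl/yourdomain.com.crt as root, since step 3 leaves the directory unreadable to other users.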

4) Configure Apache

First enable mod_ssl (how you do that depends on your distro). Then add the following virtual hosts:

<VirtualHost yourdomain.com:80>
  ServerName yourdomain.com
  ServerAlias yourdomain.com
  DocumentRoot /var/www/yourdomain.com
  ErrorLog /var/log/httpd/yourdomain.com-error.log
</VirtualHost>

<VirtualHost yourdomain.com:443>
  ServerName yourdomain.com
  ServerAlias yourdomain.com
  DocumentRoot /var/www/yourdomain.com
  ErrorLog /var/log/httpd/yourdomain.com-error.log
  # Turn on TLS for this virtual host
  SSLEngine on
  # Relative paths are resolved against ServerRoot; step 3 assumes that is /etc/apache2
  SSLCertificateFile ssl/yourdomain.com.crt
  SSLCertificateKeyFile ssl/yourdomain.com.key
</VirtualHost>
Last modified on Monday, 10 February 2014 21:23