The following process enables SSL on the Apache web server with a self-signed certificate.
1) Add the entries below to the HTTPD config file (/usr/local/apache2/conf/httpd.conf) on the desired machine:
# BEGIN CUSTOMIZATIONS
NameVirtualHost *:80
NameVirtualHost *:443
Include conf/vhosts/*.conf
2) Generate key:
openssl genrsa -out ca.key 2048
3) Generate CSR:
openssl req -new -key ca.key -out ca.csr
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:*****
An optional company name []:
4) Generate the self-signed certificate:
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt
5) Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
6) Create ssl.conf with the key entries:
/usr/local/apache2/conf/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
7) Create a new virtual host file with SSL entries as below (/usr/local/apache2/conf/vhosts/vhost_crk_ssl.conf):
<VirtualHost *:443>
ServerName crk.test.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
# ... remaining directives for this virtual host ...
</VirtualHost>
8) Restart Apache
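
Steps 2 to 4 as a non-interactive script, with the checks worth running on the result before the restart in step 8 (an added example, not part of the original post). It works in a scratch directory rather than /etc/pki/tls and takes the Common Name from the ServerName in step 7; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: generate key, CSR and self-signed certificate without prompts,
# then verify them. Output goes to a throwaway temp dir (assumption).

make_selfsigned() {   # $1 = output dir, $2 = Common Name
    ( cd "$1" || exit 1
      umask 077                                   # files are created mode 600
      openssl genrsa -out ca.key 2048 2>/dev/null &&
      openssl req -new -key ca.key -subj "/CN=$2" -out ca.csr &&
      openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt 2>/dev/null )
}

cert_matches_key() {  # $1 = cert, $2 = key; Apache will not start on a mismatch
    c=$(openssl x509 -noout -modulus -in "$1") || return 1
    k=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

key_is_private() {    # $1 = key; pass only if group and others have no access
    case "$(ls -l "$1")" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

cert_cn() {           # $1 = cert; prints the CN to compare with ServerName
    openssl x509 -noout -subject -in "$1" | sed 's/.*CN *= *//; s/[,\/].*//'
}

cert_not_expired() {  # $1 = cert
    openssl x509 -noout -checkend 0 -in "$1" >/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d" crk.test.com || return 1
    cert_matches_key "$d/ca.crt" "$d/ca.key" && echo "cert/key match"
    key_is_private "$d/ca.key" && echo "key mode ok"
    cert_not_expired "$d/ca.crt" && echo "CN: $(cert_cn "$d/ca.crt")"
    rm -rf "$d"
}
demo
```

The same checks apply to the copies made in step 5, where a plain cp creates /etc/pki/tls/private/ca.key with the default umask. Current browsers match the hostname against subjectAltName rather than Common Name, so a certificate produced this way fails hostname validation even after it is trusted.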