Thursday, November 20, 2014

Linux - How to Generate Self-Signed SSL Certificates and Add to Apache

An SSL certificate lets a site encrypt the information it exchanges with clients, which creates a more secure connection. It also presents the server's identification information to the client, which helps ensure that no third party is interfering with the connection.

This guide assumes you already have openssl and Apache installed on your server.

Create a self-signed SSL certificate:
Generate the key file

# openssl genrsa -out server.key 2048
If you need a passphrase, use the "-des3" option.

Generate the request
# openssl req -new -key server.key -out server.csr
This command prompts you in the terminal for a list of fields that need to be filled in.

Generate the self-signed certificate and set how many days it is valid
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

At this point you should have "server.csr", "server.key" and "server.crt" files.

Now we add the key and certificate into Apache:
Install the SSL module for Apache
# yum -y install mod_ssl

Edit the /etc/httpd/conf.d/ssl.conf file. Uncomment and update the following lines:
DocumentRoot "/var/www/html"
ServerName www.yourdomain.com:443

Update the file paths so they point to where server.crt and server.key are stored:
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/certs/server.key

Make sure both files are readable and writable only by the owner
# chmod 600 /etc/pki/tls/certs/server.crt
# chmod 600 /etc/pki/tls/certs/server.key

Restart Apache:
# systemctl restart httpd.service

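Now you should be able to access "https://yourdomain.com". Because the certificate is self-signed, browsers will show a trust warning until you accept or import it.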
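
A check worth running before the restart step, as an added example that is not part of the original post: it confirms the key belongs to the certificate, that the certificate is not about to expire, and that the key has the 600 mode set above. check_pair and make_demo_pair are hypothetical helper names; the key is assumed to have no passphrase and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before Apache loads it.
# check_pair and make_demo_pair are hypothetical helpers, not openssl or mod_ssl features.

# make_demo_pair DIR: build a constructed pair with the three commands from this
# page; -subj answers the field prompts so the run is non-interactive.
make_demo_pair() {
    dir=$1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/server.key" -subj "/CN=www.yourdomain.com" \
        -out "$dir/server.csr" &&
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null &&
    chmod 600 "$dir/server.key" "$dir/server.crt"
}

# check_pair CERT KEY [MIN_DAYS]: return 0 only if every check passes.
check_pair() {
    cert=$1; key=$2; min_days=${3:-30}; rc=0

    # 1. The public key inside the certificate must equal the one derived from
    #    the private key; with a mismatched pair httpd fails to start.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; rc=1
    fi

    # 2. -checkend exits non-zero if the certificate expires within N seconds,
    #    which catches a "-days" window that is about to run out.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days" >&2; rc=1
    fi

    # 3. The private key must be readable and writable by the owner only.
    mode=$(stat -c %a "$key" 2>/dev/null) || mode="unknown"
    if [ "$mode" != "600" ]; then
        echo "FAIL: $key has mode $mode, expected 600" >&2; rc=1
    fi
    return $rc
}

# Typical use with the paths from ssl.conf above:
#   check_pair /etc/pki/tls/certs/server.crt /etc/pki/tls/certs/server.key \
#       && systemctl restart httpd.service
```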
