[Apache] SSL (self-signed & purchased version)

Complete guide to configuring SSL on Apache: self-signed certificates (generating key, CSR, CRT, and VirtualHost setup) and purchasing commercial certificates from Symantec.

[Self-signed]

  1. Generate a host key:
1

sudo ssh-keygen -f host.key
  1. Generate a certificate request file
1

sudo openssl req -new -key host.key -out request.csr

Type what you want:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

  Country Name (2 letter code) [AU]:TW
  State or Province Name (full name) [Some-State]:Taiwan
  Locality Name (eg, city) []:Taipei
  Organization Name (eg, company) [Internet Widgits Pty Ltd]:
  Organizational Unit Name (eg, section) []:
  Common Name (e.g. server FQDN or YOUR name) []:
  Email Address []:
  
  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:
  An optional company name []:

  1. Create the SSL certificate
    sudo openssl x509 -req -days 365 -in request.csr -signkey host.key -out server.crt

    Create a nopass’ key (optional)
    openssl rsa -in host.key -out host.nopass.key

  2. Configure Apache
    LoadModule ssl_module libexec/apache2/mod_ssl.so

1
2
3

SSLEngine on 
SSLCertificateFile "/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/host.nopass.key"

1
2

sudo apachectl configtest 
sudo apachectl restart

p.s. enable mods: sudo a2enmod ssl
enable sites: sudo a2ensite default-ssl

[Purchased (Symantec)]

[http://www.symantec.com/tv/products/details.jsp?vid=1452855338001]

comments powered by Disqus
© 2010 - 2026 kerkerj
Powered by Hugo. Theme Stack. All Rights Reserved.