How to create a self-signed SSL Certificate

.
Hi again

For installing the apache with https support you should have a Certificate Authority Server to sign you. by using this you can publish your web content encrypted by RSA algorithm through the port 443. but many times the company prefer to publish its own certificate. (for instant the local companies with the privates accesses) therefore you should able to make a way to sign you SSL certificate by your own server.

Since my favorite Linux Distribution is Debian I will give you the the commands in that. However most of the distributions works in similar way.

First install the Openssl package in your server when you installing the apache with aptitude command.

Then Generate the Private key of your system

openssl genrsa -des3 -out server.key 1024

now you should generate your Certificate Signing Request (CSR) file by following command

openssl req -new -key server.key -out server.csr

by returning above command the console will asks you about the country , region , company name etc. but you can simply predefined these configurations in /etc/ssl/openssl.cnf file.

not its time to remove Passphrase from Key


cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

the next step is Generating a Self-Signed Certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

now simply copy your files into the /etc/apache2/ssl directory. if not exist simply create ssl Directory in your apache root.

cp server.crt /etc/apache2/ssl/ssl.crt
cp server.key /etc/apache2/ssl/ssl.key

The final task you should do to obtain the apache server with https support is that tel the apache where is your Certificates. perhaps you should create a file in your apache site-available directory and change your port into 443. after that you should address the Certificate file in your virtual host configurations.

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

thats it . just restart your server :) if you need any further assistance to run the apache with ssl support do not hesitate to contact me.

reference : http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html

Leave a Reply

*

     Copyrighted Mehdi Behamin , All Rights Reserved
    
Blog has been visited 207157 times