Tuesday, August 10, 2010

Create Self-Signed Certificate And Configure Apache To Run SSL



Whenever You Want To Enable The SSL Protocol, You Will Need a Certificate. By The End Of This Post, You Will Be Able To Create a Self-Signed Certificate And Enable SSL In Order To Use HTTPS.
By Default, SSL Is Disabled And You Should Enable It Manually.
The SSL Protocol Works On Port 443, And You Can Use It By Replacing HTTP With HTTPS At The Beginning Of The URL.
By Default, HTTP Uses Port 80 And HTTPS Uses Port 443, But You Can Change This In Your Web Server Configuration File.
Let's See What We Should Do In Order To Enable SSL On a Linux Server That Runs Apache As Its Web Server.

First, We Should Generate a Private Key. Use The Following Command For This Purpose:

 openssl genrsa -des3 -out certificate.key 1024

This Is a 1024-Bit Key, Encrypted Using Triple-DES And Stored In PEM Format.
You Will Be Asked To Enter a PEM Pass Phrase.
After That, It Is Time To Generate a CSR:

 openssl req -new -key certificate.key -out certificate.csr 


When You Run It, It Asks Several Questions; Answer Them Correctly.
Now, We Will Remove The Pass Phrase From The Key. Apache Asks For The Pass Phrase Each Time It Starts, Which Means That Whenever The Server Crashes Or Reboots, You Must Enter The Password In Order To Enable SSL. It Is Possible To Remove The Triple-DES Encryption From The Key; After That, There Is No Need To Enter a Password When The Apache Server Starts:

 openssl rsa -in certificate.key -out certificatenew.key 
  
Now, We Will Generate a Self-Signed Certificate:

 openssl x509 -req -days 365 -in certificate.csr -signkey certificatenew.key -out certificate.crt 

Now We Have a Self-Signed Certificate That Is Valid For 1 Year. You Can Change This By Changing The Number 365; For Example, If You Change It To 3650, It Is Valid For 10 Years.

If You Want To Install This Certificate On Apache, You Should First Install "mod_ssl". After That, Use The Following Commands:

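 # The File Names Must Match The SSLCertificateFile And SSLCertificateKeyFile Paths Used Below
 cp certificate.crt /usr/local/apache/conf/ssl.crt/server.crt
 cp certificatenew.key /usr/local/apache/conf/ssl.key/server.key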

Now, We Should Configure SSL Enabled Virtual Hosts:

SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 

Well Done, Restart Apache:

/etc/init.d/httpd restart

It Should Work Now. Try: https://example.com
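
A Check Worth Running Before The Restart: Confirm That The Key And Certificate Belong Together, And That The Key, Which No Longer Has a Pass Phrase, Is Not Readable By Other Users. This Is An Added Example, Not Code From The Original Post; The Names check_tls_pair And make_pair, The 2048-Bit Minimum And The 30-Day Expiry Warning Are Assumptions, And The Sample Pair Is Constructed With a Placeholder CN.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run on a certificate/key
# pair before restarting Apache. MIN_BITS and WARN_DAYS are assumed thresholds.
MIN_BITS=2048
WARN_DAYS=30

# Prints one finding per line; returns 0 only when there are no findings.
check_tls_pair() {
    crt=$1; key=$2; findings=0
    # 1. The certificate must contain the public half of this private key.
    #    "-passin pass:" makes an encrypted key fail instead of prompting.
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    kpub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cpub" ] || [ "$cpub" != "$kpub" ]; then
        echo "MISMATCH: $key does not belong to $crt"; findings=1
    fi
    # 2. Key size, read from the certificate's "Public-Key: (N bit)" line.
    bits=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "WEAK-KEY: ${bits:-0} bits, below $MIN_BITS"; findings=1
    fi
    # 3. A key without a pass phrase is protected only by file permissions:
    #    no group/other access bits should be set.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $key is accessible to group or others"; findings=1
    fi
    # 4. Expiry: -checkend fails if the certificate expires within N seconds.
    if ! openssl x509 -in "$crt" -noout -checkend $((WARN_DAYS * 86400)) >/dev/null 2>&1; then
        echo "EXPIRY: $crt expires within $WARN_DAYS days"; findings=1
    fi
    return $findings
}

# Constructed sample pair built with the post's commands; -subj answers the CSR
# questions non-interactively and CN=example.com is a placeholder.
make_pair() {  # usage: make_pair DIR BITS
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=example.com" -out "$1/server.csr" &&
    openssl x509 -req -days 365 -in "$1/server.csr" -signkey "$1/server.key" \
        -out "$1/server.crt" 2>/dev/null
}

# With two arguments, check those files; with none, run the constructed demo.
if [ $# -eq 2 ]; then check_tls_pair "$1" "$2"; else
    d=$(mktemp -d) && make_pair "$d" 1024 && chmod 600 "$d/server.key"
    check_tls_pair "$d/server.crt" "$d/server.key" || true
    rm -rf "$d"
fi
```

With The Paths Used In This Post, The Two Arguments Would Be /usr/local/apache/conf/ssl.crt/server.crt And /usr/local/apache/conf/ssl.key/server.key.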
