Set up Apache with a self-signed SSL/TLS certificate
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.........++++++
..........++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:BW
Locality Name (eg, city) []:Offenburg
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Wurst-Wasser.net
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:www.wurst-wasser.net
Email Address []:usenet at wurst-wasser.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ mv server.key server.key.secured_with_passphrase
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl rsa -in server.key.secured_with_passphrase -out server.key
Enter pass phrase for server.key.secured_with_passphrase:
writing RSA key
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=DE/ST=BW/L=Offenburg/O=Wurst-Wasser.net/OU=IT/CN=www.wurst-wasser.net/emailAddress=usenet at wurst-wasser.net
Getting Private key
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$
Now make sure mod_ssl is installed, then install the certificate and the key:
cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key
Then set up SSL in the Apache configuration:
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Then restart Apache:
apachectl restart
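
Before restarting, the installed pair can be checked with the script below. It is an added example, not part of the original page, and it verifies that the key is readable without a pass phrase, is large enough, matches the certificate, that the certificate has not expired, and that the key file is not accessible to group or other. The function names and the 2048-bit minimum are assumptions of this example; the 1024-bit key generated in the transcript above falls below that minimum and is reported as a failure.

```shell
#!/bin/sh
# Added example: pre-flight check for an Apache key/certificate pair.
MIN_BITS=2048   # assumed minimum RSA size; the transcript's key is 1024 bit

# Print the RSA modulus size of an unencrypted private key, e.g. "2048".
key_bits() {
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Return 0 only if the pair is fit to deploy; print each problem found.
check_pair() {
    key=$1 crt=$2 problems=0

    bits=$(key_bits "$key")
    if [ -z "$bits" ]; then
        echo "FAIL: cannot read $key (missing, or still pass-phrase protected)"
        problems=$((problems + 1))
    elif [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: RSA key is $bits bit, below $MIN_BITS"
        problems=$((problems + 1))
    fi

    # The certificate must carry the public half of this private key.
    key_pub=$(openssl rsa -in "$key" -passin pass: -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $crt does not match $key"
        problems=$((problems + 1))
    fi

    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt is expired or unreadable"
        problems=$((problems + 1))
    fi

    # The key was written without a pass phrase, so file mode is its only guard.
    if [ "$(ls -ld "$key" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other; chmod 600 it"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Call it as check_pair /usr/local/apache/conf/ssl.key/server.key /usr/local/apache/conf/ssl.crt/server.crt and restart only when it returns 0.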