Set up Apache with a self-signed SSL/TLS certificate

From Wurst-Wasser.net
Revision as of 21:09, 7 October 2013 by Heiko (talk | contribs)
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.........++++++
..........++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:BW
Locality Name (eg, city) []:Offenburg
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Wurst-Wasser.net
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:www.wurst-wasser.net
Email Address []:usenet at wurst-wasser.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ mv server.key server.key.secured_with_passphrase
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl rsa -in server.key.secured_with_passphrase -out server.key
Enter pass phrase for server.key.secured_with_passphrase:
writing RSA key
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=DE/ST=BW/L=Offenburg/O=Wurst-Wasser.net/OU=IT/CN=www.wurst-wasser.net/emailAddress=usenet at wurst-wasser.net
Getting Private key
WroDos-MacBook-Air:Zertifikate fuer SSL heiko$ 

Now make sure mod_ssl is installed, then install the certificate and key:

cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key

Then set up SSL:

SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Then restart Apache:

apachectl restart
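
The session above strips the passphrase from server.key and installs the unencrypted key under the Apache configuration directory, so the installed files are worth checking before the restart. The following shell functions are an added example, not part of the original page; the function names and the 2048-bit threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the certificate and key installed by the steps above.
# The 2048-bit threshold is an assumption of this example, not from the page.

# True if the PEM private key is still passphrase-protected.
key_is_encrypted() {
    grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# True if neither group nor others have any permission bits on the file.
key_mode_ok() {
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# True if the certificate carries the public key derived from the private key.
# "-passin pass:" makes openssl fail instead of prompting on an encrypted key.
cert_matches_key() {
    crt_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    key_pub=$(openssl pkey -pubout -in "$2" -passin pass: 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Print the RSA key size in bits (empty output if the key cannot be read).
key_bits() {
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Print one finding per line; return 1 if anything was flagged.
audit_tls_files() {
    crt=$1; key=$2; rc=0
    if ! key_is_encrypted "$key" && ! key_mode_ok "$key"; then
        echo "FAIL: unencrypted key $key is accessible to group or others"; rc=1
    fi
    if ! cert_matches_key "$crt" "$key"; then
        echo "FAIL: $crt and $key do not match, or openssl could not read them"; rc=1
    fi
    bits=$(key_bits "$key")
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WARN: RSA key is only $bits bits"; rc=1
    fi
    return $rc
}
```

After sourcing the file, call `audit_tls_files /usr/local/apache/conf/ssl.crt/server.crt /usr/local/apache/conf/ssl.key/server.key` with the paths used in the configuration above.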