
Create an SSL certificate and install it on Apache with mod_ssl


Type : Apache SSL
Operating System : Windows and Linux with Apache

Written by: Fabien FAYE

Below is a short summary of how to create an SSL certificate for Apache with mod_ssl.

Creating the key and CSR:

mkdir -p /etc/ssl/httpd/private
mkdir /etc/ssl/httpd/newcerts/
cd /etc/ssl/httpd


In the file /etc/ssl/openssl.cnf, change the dir value to /etc/ssl/httpd

Some files have to be created first: the database and the serial file.

touch /etc/ssl/httpd/index.txt
echo "01" > /etc/ssl/httpd/serial

Now we can create the key and the certificate request:

openssl req -new -keyout server.key -out server.csr -days 3600 -config ../openssl.cnf

Generating a 1024 bit RSA private key
........++++++
..........++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:


Enter a pass phrase.

Verifying - Enter PEM pass phrase:

Enter the pass phrase again.

Country Name (2 letter code) [AU]:

Enter the country code; for me it is FR

State or Province Name (full name) [Some-State]:

Name of the state or province where you are; for me, Lorraine

Locality Name (eg, city) []:

Name of the city where you are

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Name of your organization, or of the company that needs this certificate

Organizational Unit Name (eg, section) []:

Name of the service or department of your company: generationip

Common Name (eg, YOUR name) []:

FQDN of the server : www.generationip.com

Email Address []:

Your email address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:


Press Enter.

An optional company name []:

Press Enter.

Request the CRT and the ca-bundle file

Now you have to find an SSL certificate reseller and select the right application type, in this case apache-modssl.

You can obtain SSL certificates from these websites:

http://www.comodo.com
http://www.verisign.com
http://www.thawte.com

Integration of your certificate in apache with mod_ssl

On a Red Hat distribution, place the certificate files (generationip_com.key, generationip_com.crt and generationip_com.ca-bundle) in the folder /etc/httpd/conf.d/ssl/

After that, open your vhosts.conf or the ssl.conf file located in /etc/httpd/conf.d/

######################################################################
# WWW.GENERATIONIP.COM
######################################################################

Listen yourip:443

<VirtualHost yourip:443>
ServerName yourwebsite

ServerAdmin (Email address of the hostmaster)
DocumentRoot /var/www/yourwebsite/htdocs
CustomLog logs/ssl_yourwebsite-access_log combined
ErrorLog logs/ssl_yourwebsite-error_log

# error redirector
ErrorDocument 404 /404.php
ErrorDocument 403 /404.php

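SSLEngine on
# "all -SSLv2" disables only SSLv2; SSLv3 and TLS 1.0 stay enabled where the build supports them
SSLProtocol all -SSLv2
# Excludes anonymous DH, export and SSLv2 suites; RC4, MEDIUM and LOW suites remain allowed
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW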

SSLCertificateFile /etc/httpd/conf.d/ssl/yourcertificate.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/yourcertificate.key
SSLCACertificateFile /etc/httpd/conf.d/ssl/yourcertificate-bundle

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

 

Now the Apache configuration is ready for a restart, but before that you have to remove the pass phrase from your key.

To do that:

openssl rsa -in server-key.pem -out server-key.pem
Enter pass phrase for server-key.pem:
writing RSA key

Check the Apache configuration first with:

apachectl configtest

Restart Apache if the config test is OK:

/etc/init.d/httpd restart
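
Removing the pass phrase leaves the private key unencrypted on disk, and the key size printed above was 1024 bits, so it is worth checking the key and certificate pair before the restart. The script below is an added example, not part of the original how-to: the function names are hypothetical, the 2048-bit minimum is this example's own threshold, and the key and certificate paths are passed in by the caller.

```shell
#!/bin/sh
# Pre-restart checks for the key/certificate pair referenced by the vhost.
# Added example: function names and the 2048-bit floor are assumptions.

# Public key (PEM) of a private key; "-passin pass:" avoids a prompt,
# so a key that still carries a pass phrase makes this fail.
key_pub() { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }

# Public key (PEM) embedded in a certificate.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only when the certificate was issued for this private key.
key_matches_cert() {
    k=$(key_pub "$1") && c=$(cert_pub "$2") && [ -n "$k" ] && [ "$k" = "$c" ]
}

# Key size in bits as reported by openssl, e.g. 2048.
key_bits() {
    openssl pkey -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Succeeds when group and others have no permissions on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check, report each failure, return non-zero if any failed.
preflight() {
    key=$1 cert=$2 rc=0
    key_is_private "$key" || { echo "FAIL: $key is accessible to group/others"; rc=1; }
    bits=$(key_bits "$key")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key size is ${bits:-unreadable} bits"; rc=1; }
    key_matches_cert "$key" "$cert" || { echo "FAIL: certificate does not match key"; rc=1; }
    return $rc
}

# Usage: sh preflight.sh <key file> <certificate file>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" || exit 1
fi
```

Run it with the files named in SSLCertificateKeyFile and SSLCertificateFile, and restart Apache only when it exits with status 0.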

 

Last Updated on Thursday, 12 June 2008 14:34  
