Openssl cert generation

Generate a Private Key
This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

openssl genrsa -des3 -out server.key 1024

Generate a CSR (Certificate Signing Request)
These are the X.509 attributes of the certificate.

openssl req -new -key server.key -out server.csr

Remove Passphrase from Key
One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started.

cp server.key
openssl rsa -in -out server.key

Generating a Self-Signed Certificate
To generate a temporary certificate which is good for 365 days

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Installing the Private Key and Certificate
cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key

If using certificates in Apache then

Configuring SSL Enabled Virtual Hosts

SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

Restart Apache and Test

/etc/init.d/httpd stop
/etc/init.d/httpd stop


Posted on October 3, 2014, in LInux Based, Web. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: