OpenSSL cert generation

Generate a Private Key
----------------------
The following command generates a 1024-bit RSA key, encrypted with Triple-DES and stored in PEM format so that it is readable as ASCII text.

openssl genrsa -des3 -out server.key 1024

Generate a CSR (Certificate Signing Request)
--------------------------------------------
While generating the CSR, you are prompted for the X.509 attributes of the certificate.

openssl req -new -key server.key -out server.csr

Remove Passphrase from Key
--------------------------
One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started.

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Generating a Self-Signed Certificate
------------------------------------
To generate a temporary certificate which is good for 365 days, issue the following command:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Installing the Private Key and Certificate
------------------------------------------
cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key

If using the certificates in Apache, then:

Configuring SSL Enabled Virtual Hosts
-------------------------------------

SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Restart Apache and Test
-----------------------

/etc/init.d/httpd stop
/etc/init.d/httpd start
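
An added example (not part of the original post): a shell function that checks the generated pair before Apache is pointed at it, covering key/certificate match, RSA key size, remaining validity and key file permissions. The 2048-bit minimum and the 30-day expiry window are assumptions of this example; the 1024-bit key generated above is reported as below that minimum.

```sh
#!/bin/sh
# Added example: pre-deployment checks for the server.key / server.crt pair.
# MIN_BITS and WARN_DAYS are thresholds assumed for this example.
MIN_BITS=2048
WARN_DAYS=30

check_tls_pair() {
    key=$1; crt=$2; fail=0

    # -passin pass: stops openssl from prompting if the key is still encrypted.
    kmod=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null) || {
        echo "FAIL: cannot read $key (missing, not RSA, or still encrypted)"
        return 1
    }
    cmod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null) || {
        echo "FAIL: cannot read certificate $crt"
        return 1
    }

    # 1. The certificate must contain the public half of this private key.
    if [ "$kmod" != "$cmod" ]; then
        echo "FAIL: $crt does not match $key"; fail=1
    fi

    # 2. Key size: every hex digit of the modulus is 4 bits.
    hex=${kmod#Modulus=}
    bits=$(( ${#hex} * 4 ))
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: $bits-bit RSA key is below $MIN_BITS bits"; fail=1
    fi

    # 3. Expiry: -checkend exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$crt" -noout -checkend $(( WARN_DAYS * 86400 )) >/dev/null; then
        echo "FAIL: $crt expires within $WARN_DAYS days"; fail=1
    fi

    # 4. A passphrase-less key must not be accessible to group or others.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key permissions allow group/other access ($perms)"; fail=1
    fi

    [ "$fail" -eq 0 ] && echo "OK: $key and $crt passed all checks"
    return "$fail"
}
# Usage: check_tls_pair server.key server.crt
```

The function returns 0 only when every check passes, so it can gate the copy into /usr/local/apache/conf and the restart.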

Posted on October 3, 2014, in Linux Based, Web.