GenerationIP


Create an SSL Certificate and install it on Apache with mod_ssl


Type : Apache SSL
Operating System : Windows and Linux with Apache

Below is a short summary of how to create an SSL certificate for Apache with mod_ssl.

Creation of the KEY and CSR :

mkdir -p /etc/ssl/httpd/private
mkdir /etc/ssl/httpd/newcerts/
cd /etc/ssl/httpd


In the file /etc/ssl/openssl.cnf, change the dir value to /etc/ssl/httpd

Before going further we need to create two files: the database (index.txt) and the serial file

touch /etc/ssl/httpd/index.txt
echo "01" > /etc/ssl/httpd/serial

We can now create the key and the certificate request (CSR):

openssl req -new -keyout server.key -out server.csr -days 3600 -config ../openssl.cnf

Generating a 1024 bit RSA private key
........++++++
..........++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:


We have to enter a pass phrase.

Verifying - Enter PEM pass phrase:

We have to enter the pass phrase again.

Country Name (2 letter code) [AU]:

Enter the country code; for me it is FR

State or Province Name (full name) [Some-State]:

Name of the state or province where you are; for me it is Lorraine

Locality Name (eg, city) []:

Name of the city where you are

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Name of your organization, or of the company that needs this certificate

Organizational Unit Name (eg, section) []:

Name of the service or department of your company: generationip

Common Name (eg, YOUR name) []:

FQDN of the server : www.generationip.com

Email Address []:

Your email address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:


Please press enter

An optional company name []:

Please press enter

Request the CRT and the ca-bundle File

Now you have to find an SSL certificate reseller and select the right application type when ordering, in this case apache-modssl.

You can buy SSL certificates from these websites:

http://www.comodo.com
http://www.verisign.com
http://www.thawte.com

Integration of your certificate in apache with mod_ssl

On a Red Hat distribution, place the certificate files (generationip_com.key, generationip_com.crt and generationip_com.ca-bundle) in the folder /etc/httpd/conf.d/ssl/

After that, open your vhosts.conf or the ssl.conf file located in /etc/httpd/conf.d/:

######################################################################
# WWW.GENERATIONIP.COM
######################################################################

Listen yourip:443

<VirtualHost yourip:443>
ServerName yourwebsite

ServerAdmin (Email address of the hostmaster)
DocumentRoot /var/www/yourwebsite/htdocs
CustomLog logs/ssl_yourwebsite-access_log combined
ErrorLog logs/ssl_yourwebsite-error_log

# error redirector
ErrorDocument 404 /404.php
ErrorDocument 403 /404.php

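SSLEngine on
# "all -SSLv2" leaves SSLv3 and TLS 1.0 enabled
SSLProtocol all -SSLv2
# ALL admits RC4 and LOW-strength suites where the OpenSSL build still offers them;
# the +HIGH:+MEDIUM:+LOW terms only reorder the list
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW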

SSLCertificateFile /etc/httpd/conf.d/ssl/yourcertificate.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/yourcertificate.key
SSLCACertificateFile /etc/httpd/conf.d/ssl/yourcertificate-bundle

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

The Apache configuration is now ready for a restart, but before that you have to remove the pass phrase from your key.

To do that, run:

openssl rsa -in server-key.pem -out server-key.pem
Enter pass phrase for server-key.pem:
writing RSA key

Check the Apache configuration first with:

apachectl configtest

Restart Apache if the config test is OK:

/etc/init.d/httpd restart
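
Before the restart, it is worth confirming that the certificate you received belongs to the key you generated, that the pass phrase is really gone, and that the now unprotected key is readable only by its owner. The script below is an added example, not part of the original howto: the function names and the script name check.sh are hypothetical, the file paths are whatever you pass on the command line, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Pre-restart checks for the key/CSR/certificate files used in this howto.
# Added example: function names are hypothetical, paths come from the command line.

# Print the PEM public key contained in a private key, CSR or certificate.
# "-passin pass:" makes openssl fail instead of prompting if the key is encrypted.
pubkey_of() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) openssl pkey -in "$2" -pubout -passin pass: ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# 0 if both files carry the same public key, 1 if they differ, 2 if one is unreadable.
same_pubkey() {  # $1 type, $2 file, $3 type, $4 file
    a=$(pubkey_of "$1" "$2") || return 2
    b=$(pubkey_of "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# 0 if the PEM file is stored without a pass phrase (legacy and PKCS#8
# encrypted keys both carry the word ENCRYPTED in their PEM header).
key_is_plain() { ! grep -q ENCRYPTED "$1"; }

# 0 if group and others have no permission bits on the key file.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Run every check; prints one line per problem, returns non-zero on any failure.
check_tls_files() {  # $1 = key, $2 = certificate, $3 = CSR (optional)
    rc=0
    key_is_plain "$1" || { echo "FAIL: $1 still has a pass phrase"; rc=1; }
    key_is_private "$1" ||
        { echo "FAIL: $1 is accessible to group/others (chmod 600)"; rc=1; }
    same_pubkey key "$1" crt "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
    [ -z "${3:-}" ] || same_pubkey csr "$3" crt "$2" ||
        { echo "FAIL: $2 does not match the request $3"; rc=1; }
    return $rc
}

# Usage: sh check.sh <key> <certificate> [<csr>]
if [ "$#" -ge 2 ]; then check_tls_files "$@"; fi
```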


Last Updated on Saturday, 30 January 2010 22:42