Generate SSL Certificate for Linux

If you want to test SSL on your web server, you probably want to generate a self-signed certificate before ordering the real one.
There are three steps:
– generate an SSL private key without a passphrase
– generate a certificate signing request
– generate a self-signed certificate

# cd /etc/httpd/conf
# mkdir ssl.key ssl.csr ssl.crt
# openssl genrsa -out /etc/httpd/conf/ssl.key/myserver.net.key 2048
# openssl req -new -key /etc/httpd/conf/ssl.key/myserver.net.key -out /etc/httpd/conf/ssl.csr/myserver.net.key.csr
# openssl req -new -key /etc/httpd/conf/ssl.key/myserver.net.key -x509 -out /etc/httpd/conf/ssl.crt/myserver.net.crt -days 999
# ln -s ssl.crt/myserver.net.crt server.crt
# ln -s ssl.key/myserver.net.key server.key

Then add the following to the bottom of your /etc/httpd/conf/httpd.conf file, remembering to substitute your own IPs and hostnames:

NameVirtualHost 192.168.1.19:80
NameVirtualHost 192.168.1.19:443

<VirtualHost foo.myserver.net:80>
    ServerName foo.myserver.net
    ServerAdmin webmaster@myserver.net
    DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost foo.myserver.net:443>
    ServerName foo.myserver.net
    ServerAdmin webmaster@myserver.net
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile conf/server.crt
    SSLCertificateKeyFile conf/server.key
</VirtualHost>

Then restart the web server:

# service httpd restart

Now navigate to your https URL in a browser. You will have to add a security exception in your browser for the unvalidated self-signed certificate.
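
A pre-restart check for the files created above, as an added example that is not part of the original post: it reports a short key, a certificate that was not made from the key, a key file readable by group or other, and an expired certificate. The function names, the 2048-bit minimum and the make_pair helper that builds a throwaway test pair are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: checks to run on the key and
# certificate before restarting httpd. The 2048-bit minimum is an assumption.

key_bits() {            # print the RSA modulus size of private key $1
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

pair_matches() {        # succeed if cert $2 carries the public key of key $1
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

key_is_private() {      # succeed if group and other have no access to $1
    # -L follows symlinks such as conf/server.key -> ssl.key/myserver.net.key
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

check_pair() {          # usage: check_pair KEY CERT [MIN_BITS]
    rc=0
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge "${3:-2048}" ] ||
        { echo "WEAK KEY: ${bits:-unknown} bits"; rc=1; }
    pair_matches "$1" "$2" ||
        { echo "MISMATCH: certificate was not made from this key"; rc=1; }
    key_is_private "$1" ||
        { echo "PERMISSIONS: key is accessible to group or other"; rc=1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "EXPIRED or unreadable certificate"; rc=1; }
    return $rc
}

make_pair() {           # constructed test pair: make_pair DIR NAME BITS
    openssl genrsa -out "$1/$2.key" "$3" 2>/dev/null
    openssl req -new -x509 -key "$1/$2.key" -out "$1/$2.crt" -days 999 \
        -subj "/CN=foo.myserver.net" 2>/dev/null
}

# Stand-alone use: sh thisfile /etc/httpd/conf/server.key /etc/httpd/conf/server.crt
if [ $# -ge 2 ]; then
    check_pair "$@"
fi
```

No output and a zero exit status mean all four checks passed.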
