Difference between revisions of "Setting up https secure connection"

From Kolmisoft Wiki
Jump to navigationJump to search
Line 10: Line 10:


Generate Self Signed Key
Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt


Move the files to the correct locations
Move the files to the correct locations

Revision as of 15:40, 4 March 2010

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL.

yum -y install mod_ssl openssl 

Generate private key

openssl genrsa -out ca.key 1024 

Generate CSR

openssl req -new -key ca.key -out ca.csr

Generate Self Signed Key

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Move the files to the correct locations

mv ca.crt /etc/pki/tls/certs
mv ca.key /etc/pki/tls/private/ca.key
mv ca.csr /etc/pki/tls/private/ca.csr

Then we need to update the Apache SSL configuration file. Change the paths to match where the Key file is stored. If you've used the method above it will be.

SSLCertificateFile /etc/pki/tls/certs/ca.crt  

Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key  

Quit and save the file and then restart Apache

/etc/init.d/httpd restart

Source: http://shapeshed.com/journal/setting_up_mod_ssl_on_apache_centos_52/