Difference between revisions of "Seting up https secure connection"
From Kolmisoft Wiki
Jump to navigationJump to search
(New page: For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL. yum -y install mod_ssl ...) |
|||
| Line 3: | Line 3: | ||
yum -y install mod_ssl openssl | yum -y install mod_ssl openssl | ||
Generate private key | |||
openssl genrsa -out ca.key 1024 | openssl genrsa -out ca.key 1024 | ||
Generate CSR | |||
openssl req -new -key ca.key -out ca.csr | openssl req -new -key ca.key -out ca.csr | ||
Generate Self Signed Key | |||
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt | openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt | ||
Move the files to the correct locations | |||
mv ca.crt /etc/pki/tls/certs | mv ca.crt /etc/pki/tls/certs | ||
mv ca.key /etc/pki/tls/private/ca.key | mv ca.key /etc/pki/tls/private/ca.key | ||
Revision as of 10:22, 19 August 2009
For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL.
yum -y install mod_ssl openssl
Generate private key
openssl genrsa -out ca.key 1024
Generate CSR
openssl req -new -key ca.key -out ca.csr
Generate Self Signed Key openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Move the files to the correct locations
mv ca.crt /etc/pki/tls/certs mv ca.key /etc/pki/tls/private/ca.key mv ca.csr /etc/pki/tls/private/ca.csr
Then we need to update the Apache SSL configuration file. Change the paths to match where the Key file is stored. If you've used the method above it will be.
SSLCertificateFile /etc/pki/tls/certs/ca.crt
Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Quit and save the file and then restart Apache
/etc/init.d/httpd restart
