Difference between revisions of "Seting up https secure connection"

From Kolmisoft Wiki
Jump to navigationJump to search
(New page: For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL. yum -y install mod_ssl ...)
 
Line 3: Line 3:
  yum -y install mod_ssl openssl  
  yum -y install mod_ssl openssl  


# Generate private key  
Generate private key  
  openssl genrsa -out ca.key 1024  
  openssl genrsa -out ca.key 1024  


# Generate CSR  
Generate CSR  
  openssl req -new -key ca.key -out ca.csr
  openssl req -new -key ca.key -out ca.csr


# Generate Self Signed Key
Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt


# Move the files to the correct locations
Move the files to the correct locations
  mv ca.crt /etc/pki/tls/certs
  mv ca.crt /etc/pki/tls/certs
  mv ca.key /etc/pki/tls/private/ca.key
  mv ca.key /etc/pki/tls/private/ca.key

Revision as of 10:22, 19 August 2009

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL.

yum -y install mod_ssl openssl 

Generate private key

openssl genrsa -out ca.key 1024 

Generate CSR

openssl req -new -key ca.key -out ca.csr

Generate Self Signed Key openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Move the files to the correct locations

mv ca.crt /etc/pki/tls/certs
mv ca.key /etc/pki/tls/private/ca.key
mv ca.csr /etc/pki/tls/private/ca.csr

Then we need to update the Apache SSL configuration file. Change the paths to match where the Key file is stored. If you've used the method above it will be.

SSLCertificateFile /etc/pki/tls/certs/ca.crt  

Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key  

Quit and save the file and then restart Apache

/etc/init.d/httpd restart