How to SETUP SSL Apache MODSSL Published: Sep 09, 2004
  • Rating

    4/5

Setup SSL Tutorial teaches you how to generate and setup a SSL certificate. Assuming you have apache and openssl installed, you would like to generate and setup an SSL certificate for a domain and generate a CSR

Setup SSL Tutorial teaches you how to generate and setup a SSL certificate.
Assuming you have apache and openssl installed, you would like to generate and setup an SSL certificate for a domain and generate a CSR.

Generating RSA & CSR (Signing Request)

[root@yupapa root]#
[root@yupapa root]# cd /etc/httpd/conf/ssl.key

OPTION 1: Generating a RSA private key without a passphrase (ME recommended)
[root@yupapa /etc/httpd/conf/ssl.key]# openssl genrsa -out MYdomain.com.key 1024

OPTION 2: Generating a RSA private key with a passphrase. You will be prompted to enter a passphrase right after you hit enter.
[root@yupapa /etc/httpd/conf/ssl.key]# openssl genrsa -des3 -out MYdomain.com.key 1024

You should NOT generate the RSA private key with a passphrase if you have scripts that restart apache automatically. If you have, then apache just sit there and wait for the script to input the passphrase which is a mess!
There is a method that you can disable the passphrase to prompt when you restart apache which I'll show you later~

Next generate the CSR using the RSA Private Key

[root@yupapa /etc/httpd/conf/ssl.csr]# openssl req -new -key MYdomain.com.key -out MYdomain.com.csr
[root@yupapa /etc/httpd/conf/ssl.csr]# mv MYdomain.com.csr ../ssl.csr

You will be asked to enter your Common Name, Organization, Organization Unit, City or Locality, State or Province and Country.
Do not enter these characters '< > ~ ! @ # $ % ^ * / ( ) ?.,&' because they will not be accepted.

Common Name: the domain for the web server (e.g. MYdomain.com)
Organization: the name of your organization (e.g. YUPAPA)
Organization Unit: the section of the organization (e.g. Sales)
City or Locality: the city where your organzation is located (e.g. Flanders)
State or Province: the state / province where your organzation is located (e.g New Jersey)
Country: the country where your organzation is located (e.g US)

You may be asked for emeow address and challenge challenge password. I just hit enter when I generate the csr~

Now you should have:
/etc/httpd/conf/ssl.key/MYdomain.com.key
/etc/httpd/conf/ssl.csr/MYdomain.com.csr

Make a backup copy of your private key! If you lose it, you have to purchase a new cert!

Now you should submit your csr and they will mail you the certificate.


Installing the Certificate for Apache

[root@yupapa root]# cd /etc/httpd/conf/ssl.crt

Copy the certificate that they mailed you to MYdomain.com.crt
Open your httpd.conf file and place the following to your virtualhost


<VirtualHost 123.456.789.123:443>
... some config like DocumentRoot , etc..
SSLEngine  on
SSLCertificateFile /etc/httpd/conf/ssl.crt/MYdomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/MYdomain.com.key
</VirtualHost>

Restart apache
OPTION 1 [root@yupapa /etc/httpd/conf/ssl.crt]# apachectl restart
OPTION 2 (using the sh script) [root@yupapa /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart


You may be asked to enter the passphrase IF you generated the RSA with a passphrase. If you do NOT want to be asked for a passphrase when restarting apache, re-generate your RSA key file.
[root@yupapa /etc/httpd/conf/ssl.crt]# cd ../ssl.key
[root@yupapa /etc/httpd/conf/ssl.key]# mv MYdomain.com.key MYdomain.com.key.has-passphrase
[root@yupapa /etc/httpd/conf/ssl.key]# openssl rsa -in MYdomain.com.key.has-passphrase -out MYdomain.com.key

And then restart apache again
[root@yupapa /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart

Now you should be able to access https://MYdomain.com ~ And Finally make sure those directories and files are only writable and readable by root!

Written by YUPAPA - http://www.yupapa.com

  • Rating

    4/5

Related Articles

Comments (2)

  • Gravatar - Audra
    Audra 10:48, September 10, 2009
    Hi all. I think people want their illusions and writers are mostly illusion. When you read their words, you read a flattened, incomplete version of the writer. Help me! I can not find sites on the: Gel nails art. I found only this - <a href="http://www.sport.ox.ac.uk/Members/Genails">light cured gel nails</a>. Alex jaeger was dictated devastating grabs crisis venule to the nitrate and thrown the surface of checking four 21st politics. The depending day of the foot is the protein suitably under the flooring at the engine's color reference, gel nails at home. With love :-(, Audra from Guyana.
  • Gravatar - Gianna
    Gianna 07:26, September 28, 2009
    Hey. Have you ever observed that we pay much more attention to a wise passage when it is quoted than when we read it in the original author?<br />
    I am from Pakistan and now study English, tell me right I wrote the following sentence: "Soybeans attempt eventually start futures, are individual and economic and deliver rate to an offering indication of essays and rate stock, making history, conferences, funds and contract."<br />
    <br />
    Thank :P Gianna.

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2024 WebHostGear.com