How to create self-signed SSL certificates for Apache web server


In this KB I describe how to create SSL certificates for the Apache web server. First of all, you need to install the httpd, openssl and mod_ssl packages to create and apply SSL certificates.

Step 1: Check that all packages are installed

# rpm -qa|egrep 'httpd|mod_ssl|openssl'
openssl-1.0.1e-42.el6.x86_64
httpd-2.2.15-47.el6_7.1.x86_64
httpd-tools-2.2.15-47.el6_7.1.x86_64
mod_ssl-2.2.15-47.el6_7.1.x86_64

Step 2: Create a script named apache_ssl

# vi /usr/local/bin/apache_ssl

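#!/bin/bash
# Create the output directory (prints "File exists" on re-runs, which is harmless)
mkdir /etc/httpd/ssl
# Stop if the directory is not usable, so no key is written elsewhere
cd /etc/httpd/ssl || exit 1

echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Apache SSL Certificate and Key!"
read -r cert

# Generate a 2048-bit RSA private key and restrict it to root
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$cert.key"
chmod 600 "$cert.key"
# Create the certificate signing request (prompts for the DN fields)
openssl req -new -key "$cert.key" -out "$cert.csr"
# Self-sign the request with the same key, valid for 365 days
openssl x509 -req -days 365 -in "$cert.csr" -signkey "$cert.key" -out "$cert.crt"

echo -e " The Certificate and Key for $cert has been generated!\nPlease link it to Apache SSL available website!"
ls -al /etc/httpd/ssl
exit 0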


# chmod 700 /usr/local/bin/apache_ssl

Step 3: Run the apache_ssl script

# /usr/local/bin/apache_ssl
mkdir: cannot create directory `/etc/httpd/ssl': File exists
Enter your virtual host FQDN:
This will generate the default name for Apache SSL Certificate and Key!
casesup.com
......................................................................................................................+++
...................................................+++
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:TR
State or Province Name (full name) []:Marmara
Locality Name (eg, city) [Default City]:Istanbul
Organization Name (eg, company) [Default Company Ltd]:Casesup.com
Organizational Unit Name (eg, section) []:Casesup.com IT
Common Name (eg, your name or your server's hostname) []:casesup.server.local
Email Address []:info@casesup.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Signature ok
subject=/C=TR/ST=Marmara/L=Istanbul/O=Casesup.com/OU=Casesup.com IT/CN=casesup.server.local/emailAddress=info@casesup.com
Getting Private key
The Certificate and Key for casesup.com has been generated!
Please link it to Apache SSL available website!
total 32
drwxr-xr-x. 2 root root 4096 Jan 26 11:39 .
drwxr-xr-x. 5 root root 4096 Jan 26 11:21 ..
-rw-r--r--. 1 root root 1363 Jan 26 11:39 casesup.com.crt
-rw-r--r--. 1 root root 1082 Jan 26 11:39 casesup.com.csr
-rw-------. 1 root root 1704 Jan 26 11:38 casesup.com.key

Step 4: Copy the SSL certificate and key under /etc/pki/tls (optional)

# cp /etc/httpd/ssl/casesup.com.key /etc/pki/tls/private/casesup.com.key
# cp /etc/httpd/ssl/casesup.com.crt /etc/pki/tls/certs/casesup.com.crt

Step 5: Add the certificates to ssl.conf

# cat /etc/httpd/conf.d/ssl.conf | grep pki
SSLCertificateFile /etc/pki/tls/certs/casesup.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/casesup.com.key

Step 6: Restart the HTTPD service

# service httpd restart
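
Before restarting httpd, it helps to confirm that the key belongs to the certificate and that the certificate names the host clients will connect to; in the sample run above the files are named casesup.com while the Common Name entered was casesup.server.local. The check below is an added example, not part of the original script; the function name check_pair and its exit codes are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not from the original article. Exit codes are this example's own:
#   0 = usable, 2 = unreadable file, 3 = key does not match certificate,
#   4 = expires within 30 days, 5 = hostname not found in certificate
check_pair() {   # check_pair CERT KEY HOSTNAME
    local crt="$1" key="$2" host="$3" crt_pub key_pub cn

    # Extract the public key from both files. A parse failure is reported
    # separately so two unreadable files never compare as "equal".
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$crt_pub" ] || return 2

    # httpd refuses to start when SSLCertificateKeyFile does not belong to
    # SSLCertificateFile, so compare before editing ssl.conf.
    [ "$crt_pub" = "$key_pub" ] || return 3

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null || return 4

    # Exact-match hostname test: subjectAltName DNS entries first, then the CN.
    # Wildcard names are not handled here.
    if openssl x509 -in "$crt" -noout -text | tr ', ' '\n\n' | grep -Fxq "DNS:$host"; then
        return 0
    fi
    cn=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$host" ] || return 5
    return 0
}

# Usage: pass CERT KEY HOSTNAME on the command line to run the check directly.
if [ "$#" -eq 3 ]; then
    check_pair "$@"
    rc=$?
    echo "check_pair exit code: $rc"
    exit "$rc"
fi
```

The script generated in Step 2 does not add a subjectAltName, so for its certificates the hostname test falls through to the Common Name entered at the prompt.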

 

I'm an IT Infrastructure and Operations Architect with extensive experience and administration skills, and I work for Turk Telekom. I provide hardware and software support for the IT Infrastructure and Operations tasks.
