1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Creating a SSL certificate

Discussion in 'Web and Network Services' started by dennylin93, Jan 1, 2009.

  1. dennylin93

    dennylin93 New Member

    Messages:
    784
    Thanks Received:
    104
    Right now I'm having trouble creating a SSL certificate and enabling it on Apache. I've seen a lot of tutorials, but none of them seem to work.

    Wondering if anyone could provide me with instructions on how to create a SSL certificate and modify the Apache configuration file. Thanks in advance.
     
  2. felix

    felix New Member

    Messages:
    17
    Thanks Received:
    16
    Edit /usr/local/etc/apache22/httpd.conf file:
    Code:
    #    Uncomment:
    #    Include etc/apache22/extra/httpd-ssl.conf


    Edit /usr/local/etc/apache22/extra/httpd-ssl.conf:
    Code:
    #    Uncomment and change to your domain name:
    #    ServerName www.my_domain.org:443
    
    #    Uncomment and change to your mail address:
    #    ServerAdmin webmaster@my_domain.org


    And run:
    Code:
    cd /usr/local/etc/apache22
    openssl genrsa -des3 -out server.key 1024
    openssl req -new -key server.key -out server.csr
    openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
    chmod 0400 /usr/local/etc/apache22/server.key
    chmod 0400 /usr/local/etc/apache22/server.crt
    
    cd /usr/local/etc/apache22
    cp server.key server.key.orig
    openssl rsa -in server.key.orig -out server.key


    Restart Apache...
     
    MNIHKLOM and paulfrottawa thanked for this.
  3. morganw

    morganw New Member

    Messages:
    1
    Thanks Received:
    0
    If you have trouble with the "openssl" program, look into /usr/ports/security/xca. I use it to manage all of the certificates for my WPA2 setup, and it's infinitely more useable than the basic "openssl" program.
     
  4. dennylin93

    dennylin93 New Member

    Messages:
    784
    Thanks Received:
    104
    Thanks for the replies. Do I need to modify openssl.cnf in order to generate the certificate?
     
  5. gilinko

    gilinko New Member

    Messages:
    416
    Thanks Received:
    52
    openssl.cnf can be used to quickly add information that is requested by the above commands, BUT it's not necessary. The commands will ask you for the required information, and they are pretty easy to understand.

    When asked for "YOUR name" in these dialogs you enter the full domain name(ie http://www.example.com or subdomain.example.com), and not your name. Can be confusing, but that's pretty much the only thing that isn't pretty clear in the dialogues.
     
    MNIHKLOM thanks for this.
  6. ruaoh

    ruaoh New Member

    Messages:
    5
    Thanks Received:
    0