Creating a SSL certificate

Discussion related to network/web services such as Apache, BIND Sendmail, etc.

Creating a SSL certificate

Postby dennylin93 » 01 Jan 2009, 11:41

Right now I'm having trouble creating a SSL certificate and enabling it on Apache. I've seen a lot of tutorials, but none of them seem to work.

Wondering if anyone could provide me with instructions on how to create a SSL certificate and modify the Apache configuration file. Thanks in advance.
dennylin93
Member
 
Posts: 784
Joined: 11 Dec 2008, 13:13

Postby felix » 01 Jan 2009, 12:23

Edit /usr/local/etc/apache22/httpd.conf file:
Code: Select all
#    Uncomment:
#    Include etc/apache22/extra/httpd-ssl.conf


Edit /usr/local/etc/apache22/extra/httpd-ssl.conf:
Code: Select all
#    Uncomment and change to your domain name:
#    ServerName www.my_domain.org:443

#    Uncomment and change to your mail address:
#    ServerAdmin webmaster@my_domain.org


And run:
Code: Select all
cd /usr/local/etc/apache22
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
chmod 0400 /usr/local/etc/apache22/server.key
chmod 0400 /usr/local/etc/apache22/server.crt

cd /usr/local/etc/apache22
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key


Restart Apache...
User avatar
felix
Junior Member
 
Posts: 17
Joined: 16 Nov 2008, 18:54

Postby morganw » 01 Jan 2009, 22:27

If you have trouble with the "openssl" program, look into /usr/ports/security/xca. I use it to manage all of the certificates for my WPA2 setup, and it's infinitely more useable than the basic "openssl" program.
morganw
Junior Member
 
Posts: 1
Joined: 01 Jan 2009, 22:23

Postby dennylin93 » 02 Jan 2009, 12:14

Thanks for the replies. Do I need to modify openssl.cnf in order to generate the certificate?
dennylin93
Member
 
Posts: 784
Joined: 11 Dec 2008, 13:13

Postby gilinko » 02 Jan 2009, 16:05

openssl.cnf can be used to quickly add information that is requested by the above commands, BUT it's not necessary. The commands will ask you for the required information, and they are pretty easy to understand.

When asked for "YOUR name" in these dialogs you enter the full domain name(ie http://www.example.com or subdomain.example.com), and not your name. Can be confusing, but that's pretty much the only thing that isn't pretty clear in the dialogues.
User avatar
gilinko
Member
 
Posts: 416
Joined: 18 Nov 2008, 06:02
Location: SV_se

Postby ruaoh » 13 May 2010, 16:26

I followed these steps to create my own cert.

http://www.akadia.com/services/ssh_test_certificate.html
ruaoh
Junior Member
 
Posts: 5
Joined: 18 Nov 2008, 19:12


Return to Web & Network Services

Who is online

Users browsing this forum: No registered users and 2 guests