Linux in General > Linux Tutorials & How To's

How To - Generate Apache SSL Certificate


 1. Generate a Private Key
This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

    openssl genrsa -des3 -out server.key 1024

2. Generate a CSR (Certificate Signing Request)

    openssl req -new -key server.key -out server.csr

3. Remove passphrase from key

    cp server.key
    openssl rsa -in -out server.key

4. Generating a Self-Signed Certificate for 365 days.

    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5. Install the private key and certificate

    cp server.crt /usr/local/apache/conf/ssl.crt
    cp server.key /usr/local/apache/conf/ssl.key

6. Configuring SSL Enabled Virtual Hosts

    SSLEngine on
    SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

7. Restart apache and test

    service httpd restart


[0] Message Index

Go to full version