Create the server key (in this example RSA 4096 bit, as the command specifies):
openssl genrsa -out host.key 4096
Make a certificate signing request (CSR) out of it (it won't be signed yet):
openssl req -new -key host.key -out host.csr
Create your own self-signed certificate (will be valid for a year):
openssl req -new -x509 -days 365 -key host.key -out host.crt
Copy the contents of host.csr and paste them into the startssl.com website. It will create text that you will put in a .csr file.
Create the .csr file in the /etc/apache2/ssl area; in this case I named it after my host name, webvm1.csr.
cp host.key webvm1.key
Enable the SSL module
sudo a2enmod ssl
Listen to port 443
echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf
Create and enable the SSL site
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
Modify it so it looks something like this:
NameVirtualHost *:443
ServerAdmin webmaster@localhost
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/webvm1.newy.org.startssl.csr
SSLCertificateKeyFile /etc/apache2/ssl/webvm1.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
SSLCACertificateFile /etc/apache2/ssl/ca.pem
…and enable it
sudo a2ensite ssl
Don't forget to modify /etc/apache2/sites-available/default:
NameVirtualHost *:80
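Because the steps above store the returned certificate under a .csr name, the extension says nothing about what a file holds. The following check is an added example, not part of the original post: it inspects the files named in SSLCertificateFile and SSLCertificateKeyFile by content and confirms they belong together. The function names, sample file names and CN are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight check for the files
# named in SSLCertificateFile / SSLCertificateKeyFile. Function names are assumed.

# Report what a PEM file really contains, whatever its extension says.
# Assumes an unencrypted key, as produced by the genrsa command above.
pem_kind() {
    if   openssl x509 -in "$1" -noout 2>/dev/null; then echo certificate
    elif openssl req  -in "$1" -noout 2>/dev/null; then echo csr
    elif openssl pkey -in "$1" -noout 2>/dev/null; then echo private-key
    else echo unknown
    fi
}

# Hash of the public key carried by a certificate or derived from a private key.
pubkey_hash() {  # $1 = certificate | private-key, $2 = file
    case "$1" in
        certificate) openssl x509 -in "$2" -noout -pubkey ;;
        private-key) openssl pkey -in "$2" -pubout ;;
    esac 2>/dev/null | openssl sha256
}

check_pair() {  # $1 = SSLCertificateFile, $2 = SSLCertificateKeyFile
    local ckind kkind
    ckind=$(pem_kind "$1"); kkind=$(pem_kind "$2")
    [ "$ckind" = certificate ] || { echo "FAIL: $1 is '$ckind', expected certificate"; return 1; }
    [ "$kkind" = private-key ] || { echo "FAIL: $2 is '$kkind', expected private-key"; return 1; }
    [ "$(pubkey_hash certificate "$1")" = "$(pubkey_hash private-key "$2")" ] ||
        { echo "FAIL: $1 was not issued for the key in $2"; return 1; }
    echo "OK: $1 matches $2"
}

# Constructed sample files (2048-bit to keep the demo quick; CN is made up).
make_samples() {  # $1 = output directory
    openssl genrsa -out "$1/host.key" 2048 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    openssl req -new -key "$1/host.key" -subj "/CN=webvm1.example" -out "$1/host.csr"
    openssl req -new -x509 -days 365 -key "$1/host.key" -subj "/CN=webvm1.example" -out "$1/host.crt"
}

d=$(mktemp -d) && make_samples "$d"
check_pair "$d/host.crt" "$d/host.key"  || true   # matching pair
check_pair "$d/host.csr" "$d/host.key"  || true   # a CSR where the certificate belongs
check_pair "$d/host.crt" "$d/other.key" || true   # certificate issued for a different key
rm -rf "$d"
```

Against a real setup, call check_pair with the two paths from the SSL site file before running a2ensite.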