Skip to content


startssl.com

#startssl.com
Create the server key (in this example RSA 1024 bit):
openssl genrsa -out host.key 4096
Make a certificate out of it (it won’t be signed yet):
openssl req -new -key host.key -out host.csr
Create your CA certificate (will be valid for a year):
openssl req -new -x509 -days 365 -key host.key -out host.crt
Copy info from host.csr and plug it into startssl.com website. It will create text you will put in a .csr file

Create the .csr file in the /etc/apache2/ssl area, in this case I called it my host name webvm1.csr.

cp host.key webvm1.key

Enable the SSL module

sudo a2enmod ssl
Listen to port 443

echo “Listen 443″ | sudo tee -a /etc/apache2/ports.conf
Create and enable the SSL site

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
Modify it so it looks something like this

NameVirtualHost *:443

ServerAdmin webmaster@localhost

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/webvm1.newy.org.startssl.csr
SSLCertificateKeyFile /etc/apache2/ssl/webvm1.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
SSLCACertificateFile /etc/apache2/ssl/ca.pem

…and enable it

sudo a2ensite ssl

don’t forget to modify /etc/apache2/sites-available/default

NameVirtualHost *:80

Posted in Uncategorized.

Tagged with .


0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

You must be logged in to post a comment.