
046 - Create Self-Signed SSL Certificates

Self-signed certs are the same as CA-signed ones except that no CA stamps them with its approval; instead you stamp them with yours. Self-signed certs offer the same amount of protection, but at the cost of dealing with the annoying popup alert the browser displays and of someone being able to forge your identity. They are, however, completely free and easy to make using OpenSSL.

1. Generate Your Private Key

The private key can be either RSA or DSA based, with a minimum of 1024 bits, using a cipher such as TripleDES. For the private key we'll use RSA, 1024 bits, and TripleDES (you can use 4096 bits instead: more secure, but slower to encrypt/decrypt).

openssl genrsa -des3 -out server.key 1024

2. Certificate Signing Request (CSR)

The certificate signing request (CSR) is an unsigned copy of the SSL certificate. The CSR contains the public key and X.509 certificate attributes including your country, state, organization name, server's common name or FQDN (fully qualified domain name), and other information. Before you can get a digital certificate from a CA you'll need to generate a CSR on the server you'll be using the SSL certificate on.

openssl req -new -key server.key -out server.csr

3. Sign Your Certificate Signing Request

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

4. Remove the PassPhrase From Your Private Key

When your private key has a passphrase, Apache has no idea what it is and prompts you for the password whenever the service is started. As you can imagine, this is a major inconvenience if you need to edit any virtual hosts and reload the changes, or if your server crashes or reboots itself: Apache just sits there and waits for you to key in the password for each SSL-enabled host. The solution to this dilemma is to remove the passphrase from the private key file.

cp server.key server.key.secure
openssl rsa -in server.key.secure -out server.key

5. Install Your Certificate and Private Key

mv server.csr /etc/httpd/conf/ssl.csr/host_domain_tld.csr
mv server.crt /etc/httpd/conf/ssl.crt/host_domain_tld.crt
mv server.key /etc/httpd/conf/ssl.key/host_domain_tld.key
mv server.key.secure /etc/httpd/conf/ssl.key/host_domain_tld.key.secure

chmod 400 /etc/httpd/conf/ssl.csr/host_domain_tld.csr
chmod 400 /etc/httpd/conf/ssl.crt/host_domain_tld.crt
chmod 400 /etc/httpd/conf/ssl.key/host_domain_tld.key
chmod 400 /etc/httpd/conf/ssl.key/host_domain_tld.key.secure

6. Configure Your Apache SSL Virtual Host (httpd-ssl.conf)

SSLCertificateFile    /etc/httpd/conf/ssl.crt/host_domain_tld.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/host_domain_tld.key

7. Restart Apache httpd
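
Before the restart it is worth confirming that the files produced in steps 1 to 5 fit together. The script below is an added example, not part of the original page: it repeats the steps non-interactively in a scratch directory and then checks that the certificate carries the key's public half, that it really is self-signed, and that the key files are mode 400 with only the .secure copy encrypted. The function names, the KEY_PASS variable, the passphrase and the host.domain.tld common name are assumptions, and it uses 2048-bit RSA with -aes256 where the page uses 1024 bits and -des3, since 1024-bit RSA is below current minimum key-size guidance.

```shell
#!/bin/sh
# Added example, not the page's own script. CN and passphrase are constructed.

# Steps 1-4: encrypted key, CSR, self-signed cert, passphrase-free key copy.
# Assumption: 2048-bit RSA and -aes256 here; the page uses 1024 bits and -des3.
make_selfsigned() {    # $1 = output dir, $2 = common name; passphrase in $KEY_PASS
    ( umask 077 && cd "$1" &&
      openssl genrsa -aes256 -passout env:KEY_PASS -out server.key.secure 2048 &&
      openssl req -new -key server.key.secure -passin env:KEY_PASS \
              -subj "/CN=$2" -out server.csr &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key.secure \
              -passin env:KEY_PASS -out server.crt &&
      openssl rsa -in server.key.secure -passin env:KEY_PASS -out server.key &&
      chmod 400 server.key server.key.secure server.csr server.crt
    ) >/dev/null 2>&1
}

# The certificate must carry the public half of the key Apache will load.
key_matches_cert() {   # $1 = cert, $2 = unencrypted key
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Self-signed: issuer equals subject and the signature verifies under its own key.
is_self_signed() {     # $1 = cert
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
    [ "${s#*=}" = "${i#*=}" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Step 5 hygiene: owner read-only mode; only the .secure copy stays encrypted.
is_owner_readonly() { [ "$(ls -l "$1" | cut -c1-10)" = "-r--------" ]; }
is_encrypted()      { grep -q ENCRYPTED "$1"; }

demo() {
    d=$(mktemp -d) || return 1
    KEY_PASS='constructed-demo-passphrase'; export KEY_PASS
    make_selfsigned "$d" host.domain.tld || { echo "generation failed"; return 1; }
    key_matches_cert "$d/server.crt" "$d/server.key" && echo "key matches cert"
    is_self_signed "$d/server.crt"                   && echo "cert is self-signed"
    is_owner_readonly "$d/server.key"                && echo "key is mode 400"
    is_encrypted "$d/server.key" && echo "WARNING: server.key still has a passphrase"
    rm -rf "$d"
}
demo
```

The check functions can be pointed at the installed files under /etc/httpd/conf/ instead of the scratch directory. A key that does not match the certificate is the usual reason Apache refuses to start after step 7.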




Story | by Dr. Radut