Thursday, January 3, 2013

Self Signed SSL Certificate


Generate RSA Private Key
openssl genrsa -des3 -out server.key 1024

Generate Certificate Signing Request (CSR)
openssl req -new -key server.key -out server.csr


Remove Passphrase from Key
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key


Generate Self-Signed Certificate
openssl x509 -req -days 5000 -in server.csr -signkey server.key -out server.crt


Verify/Install mod_ssl
Apache requires mod_ssl to be installed.
Look for mod_ssl.so in the httpd/modules directory, or run rpm -qa | grep mod_ssl
If it is missing, use yum install mod_ssl, or download the mod_ssl rpm and install it.
mod_ssl depends on distcache, so distcache also needs to be installed.

Install Private Key and Certificate
<httpd-conf> depends on the Apache installation; for example, /etc/httpd/conf
cp server.crt <httpd-conf>/ssl.crt
cp server.key <httpd-conf>/ssl.key


Configure SSL Enabled Virtual Hosts
When mod_ssl is installed, it creates an ssl.conf, usually in /etc/httpd/conf.d. Verify that it contains the following entries:

SSLEngine on
SSLCertificateFile <httpd-conf>/ssl.crt/server.crt
SSLCertificateKeyFile <httpd-conf>/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


Restart Apache and Test
https://<Server_Host>:<Port>
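
A check worth running on the installed files before the restart, given here as an added example that is not part of the original post: it confirms that the key is no longer passphrase-protected, that it is not accessible to group or other, that server.crt carries the matching public key, and that the certificate has not expired. The helper names check_tls_pair and make_demo_pair and the subject demo.invalid are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): check server.crt/server.key
# before restarting Apache. check_tls_pair and make_demo_pair are
# hypothetical helper names.
# Returns: 0 ok, 1 unreadable/unparsable, 2 key still encrypted,
# 3 key accessible to group/other, 4 key/cert mismatch, 5 cert expired.
check_tls_pair() {
    cert=$1 key=$2
    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read input" >&2; return 1; }
    # Encrypted PEM keys carry "Proc-Type: 4,ENCRYPTED" or
    # "BEGIN ENCRYPTED PRIVATE KEY"; Apache would ask for the passphrase.
    if grep -q ENCRYPTED "$key"; then
        echo "$key is still passphrase-protected" >&2; return 2
    fi
    # Without a passphrase, file permissions are the key's only protection.
    # Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -ld "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$key is open to group/other ($mode); chmod 600" >&2; return 3
    fi
    # The certificate must contain the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$cert does not match $key" >&2; return 4
    fi
    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "$cert has expired" >&2; return 5; }
}

# Constructed sample input: a throwaway key and self-signed certificate.
# 2048 bits here, since current OpenSSL security levels can reject 1024-bit RSA.
make_demo_pair() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    chmod 600 "$1/server.key" &&
    openssl req -new -x509 -key "$1/server.key" -subj "/CN=demo.invalid" \
        -days 1 -out "$1/server.crt"
}

if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"        # e.g. server.crt server.key
fi
```
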



Reference

http://www.akadia.com/services/ssh_test_certificate.html