Generate RSA Private Key
openssl genrsa -des3 -out server.key 1024
Generate Certificate Signing Request (CSR)
openssl req -new -key server.key -out server.csr
Remove Passphrase from Key
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
Generate Self-Signed Certificate
openssl x509 -req -days 5000 -in server.csr -signkey server.key -out server.crt
Verify/Install mod_ssl
mod_ssl must be installed for Apache.
Look for mod_ssl.so in the httpd/modules directory, or run rpm -qa | grep mod_ssl
Otherwise, use yum install mod_ssl, or download the mod_ssl rpm and install it.
mod_ssl depends on distcache, so distcache also needs to be installed.
Install Private Key and Certificate
<httpd-conf> depends on the Apache installation; for example, /etc/httpd/conf
cp server.crt <httpd-conf>/ssl.crt
cp server.key <httpd-conf>/ssl.key
Configure SSL Enabled Virtual Hosts
When mod_ssl is installed it creates an ssl.conf, usually in /etc/httpd/conf.d. Verify that you have the following entries:
SSLEngine on
SSLCertificateFile <httpd-conf>/ssl.crt/server.crt
SSLCertificateKeyFile <httpd-conf>/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Restart Apache and Test
https://<Server_Host>:<Port>
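Check the Installed Key and Certificate
The script below is an added example, not part of the original post. It checks that the installed certificate matches the private key, reports the key size, and confirms that the passphrase-free key file is not accessible to group or others. The function names and the 2048-bit default threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). File names follow the page;
# the function names and the 2048-bit default are assumptions.

# Succeeds when the certificate carries the public half of the private key.
# "-passin pass:" makes a still-encrypted key fail instead of prompting.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Prints the RSA key size in bits (empty output if the key cannot be read).
key_bits() {
    openssl pkey -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeeds when group and others have no access to the file. With the
# passphrase removed, file permissions are all that protects the key.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs all three checks; the exit status is the number of failed checks.
audit_tls_files() {
    key=$1 crt=$2 min_bits=${3:-2048} failures=0
    if ! key_matches_cert "$key" "$crt"; then
        echo "FAIL: $crt does not match $key (or a file is unreadable/encrypted)"
        failures=$((failures + 1))
    fi
    bits=$(key_bits "$key")
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: key is ${bits:-unknown} bits, below $min_bits"
        failures=$((failures + 1))
    fi
    if ! key_is_private "$key"; then
        echo "FAIL: $key is accessible to group or others"
        failures=$((failures + 1))
    fi
    return "$failures"
}
```

Call it as audit_tls_files <httpd-conf>/ssl.key/server.key <httpd-conf>/ssl.crt/server.crt. A key generated with the 1024-bit size used in the first step is reported as below the default threshold.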