Steps to install and configure the self signed SSL certificate with Apache on Red Hat Linux
Installation of Openssl:
Step 1: Download the openssl software from (http://www.openssl.org/)
Step 2:tar -xzf openssl-1.0.1f.tar.gz
Step 3: cd openssl-1.0.1f
Step 4: ./config --prefix=/usr/openssl -fPIC no-gost no-shared no-zlib
Step 5: make
Step 6: make install
The above steps will install the openssl software in /usr/openssl. You can define the openssl path in the PATH variable.
Apache installation:
./configure --prefix=/usr/local/apache2/ --enable-mods-shared=all --enable-ssl=shared --enable-proxy=shared --enable-proxy-connect=shared --enable-proxy-ajp=shared --enable-proxy-balancer=shared --enable-proxy-ftp=shared --enable-proxy-http=shared --enable-so --with-ssl=/usr/openssl/
Steps to generate key,csr and crt:
/usr/openssl/bin/openssl genrsa -out commonname.key 2048 -- Generate a 2048 bit key
/usr/openssl/bin/openssl req -new -key commonname.key -out commonname.csr -- To generate a CSR
/usr/openssl/bin/openssl x509 -req -days 365 -in commonname.csr -signkey commonname.key -out commonname.crt - To generate the selfsigned certificate
Add the ssl configuration in apache httpd.conf file:
LoadModule ssl_module modules/mod_ssl.so
<VirtualHost servername:443>
ServerName hostname
SSLEngine On
SSLCertificateFile /usr/commonname.crt
SSLCertificateKeyFile /usr/commonname.key
SSLProxyEngine On
ServerName hostname
SSLEngine On
SSLCertificateFile /usr/commonname.crt
SSLCertificateKeyFile /usr/commonname.key
SSLProxyEngine On
</VirtualHost>
Start and stop the server using -DSSL option:
apache/bin/httpd -k start -DSSL
apache/bin/httpd -k stop -DSSL
0 comments:
Post a Comment