Using a Self-Signed Certificate to Run Apache2 under SSL
These instructions will help you generate a self-signed certificate to run Apache2 under SSL. Using a commercial certificate is always a better idea, but in a development environment or for some sort of testing we can use a self-signed certificate.
First of all, enable SSL for Apache:
#a2enmod ssl
Now create a directory where we will store the files (pem, key) for our self-signed certificate:
#mkdir /etc/apache2/certificate
Now generate the key and certificate for our self-signed certificate. You will be asked for information, which you have to provide:
#openssl req -new -x509 -days 1095 -nodes -out /etc/apache2/certificate/apache.pem -keyout /etc/apache2/certificate/apache.key
Generating a 1024 bit RSA private key
..............++++++
.......................++++++
writing new private key to '/etc/apache2/certificate/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Now you have to add/modify ports.conf to tell apache2 to run under https:
NameVirtualHost *:443
Also, in the same file, i.e. /etc/apache2/ports.conf, change (without quotes) "Listen 443" to "Listen 443 http", otherwise you will get errors like "Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)"
Now, in the virtual host file, which might be under the default location /etc/apache2/sites-available (here, default-ssl), add/update:
SSLEngine On
SSLCertificateFile /etc/apache2/certificate/apache.pem
SSLCertificateKeyFile /etc/apache2/certificate/apache.key
Now create a link to the above file, like:
#ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
Now restart Apache; you will be able to see https with a self-signed certificate.
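Before pointing SSLCertificateFile and SSLCertificateKeyFile at the generated files, it is worth checking that the key and certificate belong together, that the key size is what you expect, and that the key file is readable by its owner only. The script below is an added example, not part of the original post: it runs a non-interactive variant of the openssl command above and performs those checks. Assumptions: the -newkey rsa:2048 and -subj options, the CN value and the temporary directory are chosen for the example (the output shown above reports a 1024-bit key from the OpenSSL default).

```shell
#!/bin/sh
# Added example: non-interactive variant of the article's openssl step, plus checks.
# Assumptions (not from the article): rsa:2048 key, CN value, temporary directory.

# make_selfsigned DIR CN: writes DIR/apache.pem and DIR/apache.key
make_selfsigned() {
    (
        umask 077   # files and directory are created owner-only
        mkdir -p "$1" &&
        openssl req -new -x509 -days 1095 -nodes -newkey rsa:2048 \
            -subj "/CN=$2" \
            -out "$1/apache.pem" -keyout "$1/apache.key" 2>/dev/null
    )
}

# key_matches_cert CERT KEY: succeeds only if both hold the same public key
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_key_bits CERT: prints the public key size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# key_is_private KEY: succeeds if group and other have no access to the key file
key_is_private() {
    case "$(ls -l "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a throwaway directory (constructed values; nothing under /etc is touched)
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" "dev.example.test"
key_matches_cert "$demo_dir/apache.pem" "$demo_dir/apache.key" && echo "key matches certificate"
echo "key size: $(cert_key_bits "$demo_dir/apache.pem") bits"
key_is_private "$demo_dir/apache.key" && echo "key file is owner-only"
# -checkend fails (non-zero) if the certificate expires within the next 30 days
openssl x509 -in "$demo_dir/apache.pem" -noout -checkend 2592000 >/dev/null && echo "valid for 30+ days"
rm -rf "$demo_dir"
```

The same three check functions can be run against /etc/apache2/certificate/apache.pem and /etc/apache2/certificate/apache.key before restarting Apache.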
Many thanks for sharing the complete procedure to generate a self-signed certificate. I will share this information with my friends too, as we are all facing problems while doing the same.
Thanks Jimmy :)