- Generate the SSL key pair
openssl genrsa -out www.mysite.com.key 2048
- Using a pass-phrase is problematic, since the apache2 server can't boot without the pass-phrase being entered.
- If you need to use a pass-phrase, add the -des3 param.
- Generate a certificate signing request (without a pass-phrase)
openssl req -new -key www.mysite.com.key -out www.mysite.com.csr
- Do not enter an email address, challenge password or an optional company name when generating the CSR.
- Enter the info which MATCHES THE WHOIS for the domain or your request is likely to get rejected.
- Country Name:
- State or Province: (the capitalized two letter code)
- Locality or City: (without abbreviations)
- Company: (without &, @, or any other symbol)
- Organizational Unit: (optional; to skip hit enter)
- Common Name: the host name, i.e. "www.mysite.com" (make certain it matches the main one used by end customers, to avoid SSL mismatch warnings.)
- Send the certificate signing request to the certificate authority and wait for them to send the signed certificate back (the crt file).
- The files should be stored at the following location with the following permissions/owner. Remember to do this, or the key can be viewed and copied.
/etc/apache2/ssl$ ls -al
drwxr-xr-x 2 root root 4096 2010-01-08 16:38 .
drwxr-xr-x 9 root root 4096 2010-01-08 09:42 ..
-r-------- 1 root root 1354 2010-01-08 09:17 www.mysite.com.crt
-r-------- 1 root root 1354 2010-01-08 09:17 www.mysite.com.csr
-r-------- 1 root root 1675 2010-01-08 16:38 www.mysite.com.key
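
A way to check a directory against the listing above, as an added example that is not part of the original post. The function name audit_ssl_dir and its finding labels are made up for illustration; it assumes every file should be mode 0400 and owned by root (uid 0) unless another uid is passed.

```shell
#!/bin/sh
# Added example: audit a certificate directory against the listing above.
# audit_ssl_dir and its finding labels are hypothetical names.
# Usage: audit_ssl_dir /etc/apache2/ssl        (expects owner uid 0, root)
#        audit_ssl_dir DIR UID                 (expect a different owner)
# Prints one finding per line and returns 1, or prints nothing and returns 0.
audit_ssl_dir() {
    dir=$1
    want_uid=${2:-0}

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi

    findings=$(
        # Directory writable by group or other: anyone in that set could
        # replace the key or certificate even though the files are read-only.
        find "$dir" -prune \( -perm -020 -o -perm -002 \) \
            -exec echo DIR-WRITABLE {} \;
        # Every file must be exactly -r-------- (0400), as in the listing.
        find "$dir" -type f ! -perm 0400 -exec echo BAD-MODE {} \;
        # The directory and every file in it must belong to the expected owner.
        find "$dir" ! -user "$want_uid" -exec echo BAD-OWNER {} \;
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

A non-zero return makes it easy to run from a deployment script or cron job after the files are copied into place.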
Thursday, July 15, 2010
SSL using website - Generating an SSL cert for apache2