Fedora 10
Sponsored Link

Configure SSL
2008/11/30
  Configure SSL
[root@www ~]#
cd /etc/pki/tls/certs

[root@www certs]#
make server.key

umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key

Generating RSA private key, 1024 bit long modulus
......................................................++++++
.............++++++
e is 65537 (0x10001)
Enter pass phrase:
# set passphrase

Verifying - Enter pass phrase:
# confirm

[root@www certs]#

# remove passphrase from private key

[root@www certs]#
openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:
# input passphrase

writing RSA key
[root@www certs]#
[root@www certs]#
make server.csr

umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
JP
 
# country

State or Province Name (full name) [Berkshire]:
Hiroshima
 
# state

Locality Name (eg, city) [Newbury]:
Hiroshima
 
# city

Organization Name (eg, company) [My Company Ltd]:
Server Linux
 
# company

Organizational Unit Name (eg, section) []:
IT Solution
 
# department

Common Name (eg, your server's hostname) []:
www.srv.world
 
# server's FQDN

Email Address []:
root@srv.world
 
# email address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
# Enter

An optional company name []:
# Enter

[root@www certs]#
[root@www certs]#
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok
subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=Server Linux/OU=IT Solution/CN=www.srv.world/emailAddress=root@srv.world Getting Private key
[root@www certs]#
chmod 400 server.*

[root@www certs]#
[root@www certs]#
vi /etc/httpd/conf.d/ssl.conf


# line 78: uncomment

DocumentRoot "/var/www/html"

# line 79: uncomment and change

ServerName
www.srv.world:443


# line 106: change

SSLCertificateFile
/etc/pki/tls/certs/server.crt


# line 113: change

SSLCertificateKeyFile
/etc/pki/tls/certs/server.key


[root@www certs]#
/etc/rc.d/init.d/httpd restart

Stopping httpd:
[ OK ]

Starting httpd:
[ OK ]

Access to the test page with https. Following window is shown because Certification File is not installed in browser. It's no ploblem. Click Yes to proceed.
 
Just accessed.
 
Matched Content