Fedora 10
Configure SSL
2008/11/30
[root@www ~]# cd /etc/pki/tls/certs

[root@www certs]# make server.key

umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key

Generating RSA private key, 1024 bit long modulus
......................................................++++++
.............++++++
e is 65537 (0x10001)
Enter pass phrase:    # set passphrase
Verifying - Enter pass phrase:    # confirm

# remove passphrase from private key
[root@www certs]# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:    # input passphrase

writing RSA key
[root@www certs]# make server.csr

umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: JP    # country
State or Province Name (full name) [Berkshire]: Hiroshima    # state
Locality Name (eg, city) [Newbury]: Hiroshima    # city
Organization Name (eg, company) [My Company Ltd]: Server Linux    # company
Organizational Unit Name (eg, section) []: IT Solution    # department
Common Name (eg, your server's hostname) []: www.srv.world    # server's FQDN
Email Address []: root@srv.world    # email address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:    # Enter
An optional company name []:    # Enter
[root@www certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok
subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=Server Linux/OU=IT Solution/CN=www.srv.world/emailAddress=root@srv.world
Getting Private key
[root@www certs]# chmod 400 server.*
[root@www certs]# vi /etc/httpd/conf.d/ssl.conf


# line 78: uncomment
DocumentRoot "/var/www/html"

# line 79: uncomment and change
ServerName www.srv.world:443

# line 106: change
SSLCertificateFile /etc/pki/tls/certs/server.crt

# line 113: change
SSLCertificateKeyFile /etc/pki/tls/certs/server.key


[root@www certs]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
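
Because the passphrase was removed from server.key above, the file mode set by chmod 400 is the only protection left on the private key. The script below is an added example, not part of the original page: it reads SSLCertificateKeyFile from an ssl.conf and checks the key it points at. The function names and the constructed demo files are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the original page. Audits the private key that an
# Apache ssl.conf points at. Assumes GNU stat (Linux), as on Fedora.

# Print the first uncommented value of directive $1 in config file $2.
directive() {
    awk -v d="$1" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Succeed if the PEM key in $1 is passphrase-protected (traditional
# "Proc-Type: 4,ENCRYPTED" header or PKCS#8 "ENCRYPTED PRIVATE KEY").
key_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# audit_key CONF: return 0 if the key's mode is acceptable, 1 otherwise.
audit_key() {
    key=$(directive SSLCertificateKeyFile "$1")
    [ -n "$key" ] || { echo "FAIL: no SSLCertificateKeyFile in $1"; return 1; }
    [ -f "$key" ] || { echo "FAIL: key file not found: $key"; return 1; }
    if key_encrypted "$key"; then
        echo "NOTE: $key is passphrase-protected; httpd will prompt at start"
    fi
    # The group and other permission digits must both be 0, so the octal
    # mode has to end in "00" (400 or 600).
    mode=$(stat -c %a "$key")
    case $mode in
        *00) echo "OK: $key mode $mode"; return 0 ;;
        *)   echo "FAIL: $key mode $mode is accessible beyond its owner"; return 1 ;;
    esac
}

# Demo on constructed files (placeholder key body, not a real key).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(constructed placeholder)' '-----END RSA PRIVATE KEY-----' > "$demo_dir/server.key"
printf '#SSLCertificateKeyFile /old/path.key\nSSLCertificateKeyFile %s\n' "$demo_dir/server.key" > "$demo_dir/ssl.conf"
chmod 644 "$demo_dir/server.key"; audit_key "$demo_dir/ssl.conf" || true
chmod 400 "$demo_dir/server.key"; audit_key "$demo_dir/ssl.conf"
rm -rf "$demo_dir"
```

On the server configured above, the call would be audit_key /etc/httpd/conf.d/ssl.conf, run as root.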

Access the test page over https. The following warning window is shown because the certificate is not installed in the browser. This is not a problem. Click Yes to proceed.

The test page is displayed.
 