This module provides SSL v3 and TLS v1.x support for the Apache HTTP Server. SSL v2 is no longer supported. This module relies on OpenSSL to provide the cryptography engine. Further details, discussion, and examples are provided in the SSL documentation. Configuring SSL on Apache Web Server Manually. Smsps uses the OpenSSL cryptography toolkit that implements the SSL v2/v3 and Transport Layer Security (TLS v1) network protocols and related cryptography standards. The OpenSSL toolkit includes the openssl command line tool for.
Online, it is crucial for your visitors to know that the connection is secure. To encrypt the connection to your website, SSL certificates are commonly used to establish a secure connection. Webmasters may buy SSL certificates to secure their website from web hosting companies who sell offerings from premium vendors such as GeoTrust, Verisign, and others.
Assuming you have apache and open ssl installed, you would like to generate and setup an SSL certificate for a domain and generate a CSR.
First, Generate the RSA & CSR (Signing Request)
[[email protected] root]#
[[email protected] root]# cd /etc/httpd/conf/ssl.key
Generate the RSA without a passphrase: Generating a RSA private key without a passphrase (I recommended this, otherwise when apache restarts, you have to enter a passphrase which can leave the server offline until someone inputs the passphrase)
[[email protected] /etc/httpd/conf/ssl.key]# openssl genrsa -out yourdomain.key 1024
Or, with a passphrase: Generating a RSA private key with a passphrase. You will be prompted to enter a passphrase right after you hit enter.
[[email protected]/etc/httpd/conf/ssl.key]# openssl genrsa -des3 -out yourdomain.key 1024
You should generally NOT generate the RSA private key with a passphrase if you have scripts that restart apache automatically in case of a crash or otherwise. If there is a passphrase, Apache will just sit there and wait for the script to input the passphrase which means downtime, and downtime usually equals bad.
Next generate the CSR using the RSA Private Key
[[email protected]/etc/httpd/conf/ssl.csr]# openssl req -new -key yourdomain.key -out yourdomain.csr
[[email protected]/etc/httpd/conf/ssl.csr]# mv yourdomain.csr ./ssl.csr
You will be asked to enter your Common Name, Organization, Organization Unit, City or Locality, State or Province and Country.
Do not enter these characters ‘< > ~ ! @ # $ % ^ * / ( ) ?.,&’ because they will not be accepted.
Common Name: the domain for the web server (e.g. MYdomain.com)
Organization: the name of your organization (e.g. YUPAPA)
Organization Unit: the section of the organization (e.g. Sales)
City or Locality: the city where your organzation is located (e.g. Flanders)
State or Province: the state / province where your organzation is located (e.g New Jersey)
It' s okay to laugh pdf free download windows 10. Country: the country where your organzation is located (e.g US)
You may be asked for an email address and a challenge password. I usually just hit enter.
Now you should have:
Be sure to always make a backup copy of your private key! If you lose it, you’ll have to purchase a new cert!
Now you need to submit your CSR to your provider and they will mail you the certificate. They usually also send you a confirmation email before the certificate is sent out.
Now that you have the certificate.
Installing the Certificate for Apache
[[email protected] root]# cd /etc/httpd/conf/ssl.crt
Copy the certificate that they mailed you to yourdomain.crt
Open your httpd.conf file and place the following to your virtualhost
Apache Http Sslconnectionsocketfactory
– other config details-
Apache Http Sslcontext
OPTION 1 [[email protected] /etc/httpd/conf/ssl.crt]# apachectl restart
OPTION 2 (using the sh script) [[email protected] /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart
You may be asked to enter the passphrase IF you generated the RSA with a passphrase. If you do NOT want to be asked for a passphrase when restarting apache, re-generate your RSA key file.
[[email protected] /etc/httpd/conf/ssl.crt]# cd ./ssl.key
[[email protected] /etc/httpd/conf/ssl.key]# mv yourdomain.key yourdomain.key.has-passphrase
[[email protected] /etc/httpd/conf/ssl.key]# openssl rsa -in yourdomain.key.has-passphrase -out yourdomain.key
And then restart apache again
[[email protected] /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart
Now you should be able to access https://yourdomain.com