How to create a self-signed SSL Certificate which can be used for testing purposes or internal usage
Step 1: Generate a Private Key and CSR
aws@AWSadminz:~$ mkdir ~ssl
aws@AWSadminz:~$ cd ~ssl
aws@AWSadminz:~$ openssl req -new -newkey rsa:2048 -nodes -out www_domain_com.csr -keyout www_domain_com.key -subj "/C=IN/ST=India/L=Kerala/O=AWSadminz/OU=IT/CN=www.domain.com"
Optional: To add multiple SAN names, use multiple CN values.
aws@AWSadminz:~$ openssl req -new -newkey rsa:2048 -nodes -out www_domain_com.csr -keyout www_domain_com.key -subj "/C=IN/ST=India/L=Kerala/O=AWSadminz/OU=IT/CN=www.domain.com/CN=online.domain.com"
The fields above correspond to the following prompts:
Country Name (2 letter code) [GB]:**IN**
State or Province Name (full name) [Berkshire]:**India**
Locality Name (eg, city) [Newbury]:**Kerala**
Organization Name (eg, company) [My Company Ltd]: **AWSadminz**
Organizational Unit Name (eg, section) []:**IT**
Common Name (eg, your name or your server’s hostname) []:**www.domain.com**
Please enter the following ‘extra’ attributes to be sent with your certificate request
A challenge password []:
An optional company name []:

-rw-rw-r-- 1 aws aws 1041 2012-10-27 03:32 www_domain_com.csr
-rw-rw-r-- 1 aws aws 1704 2012-10-27 03:32 www_domain_com.key
Step 2: Generating a Self-Signed Certificate
At this point you will need to generate a self-signed certificate because you either don’t plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted. To generate a temporary certificate which is good for 365 days, issue the following command:
aws@AWSadminz:~ssl$ openssl x509 -req -days 365 -in www_domain_com.csr -signkey www_domain_com.key -out www_domain_com.crt
Signature ok
subject=/C=IN/ST=India/L=Kerala/O=AWSadminz/OU=IT/CN=www.domain.com
Getting Private key
Now you have all 3 files, i.e. the certificate, the key and the CSR.
aws@AWSadminz: ~ssl$ ls
total 404
drwxrwxr-x 2 aws aws 4096 2012-10-27 03:29 ./
drwxrwxrwt 27 root root 393216 2012-10-27 03:33 ../
-rw-rw-r-- 1 aws aws 1273 2012-10-27 03:32 www_domain_com.crt
-rw-rw-r-- 1 aws aws 1041 2012-10-27 03:32 www_domain_com.csr
-rw-rw-r-- 1 aws aws 1704 2012-10-27 03:32 www_domain_com.key
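Added example, not part of the original post: a shell version of Steps 1 and 2 that places the hostnames in the subjectAltName extension, which is the field current browsers match hostnames against, and then checks the result before it is installed. The function names and the .ext file are assumptions of this example; the subject fields and the www_domain_com.* naming follow the commands above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# make_selfsigned DIR CN [EXTRA_NAME...]
# Creates key, CSR and a 365-day self-signed certificate in DIR, listing CN
# and every extra name in the subjectAltName extension.
make_selfsigned() (
    dir=$1; cn=$2; shift 2
    base=$dir/$(printf '%s' "$cn" | tr . _)    # www.domain.com -> www_domain_com
    san="DNS:$cn"
    for name in "$@"; do san="$san,DNS:$name"; done
    umask 077    # key, CSR and certificate are created readable by the owner only
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$base.key" -out "$base.csr" \
        -subj "/C=IN/ST=India/L=Kerala/O=AWSadminz/OU=IT/CN=$cn" 2>/dev/null || exit 1
    # x509 -req does not copy extensions from the CSR by default,
    # so the SAN list is passed in with -extfile.
    printf 'subjectAltName=%s\n' "$san" > "$base.ext"
    openssl x509 -req -days 365 -in "$base.csr" -signkey "$base.key" \
        -extfile "$base.ext" -out "$base.crt" 2>/dev/null
)

# key_matches_cert KEY CRT: true only when both hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_covers_host CRT HOST: true when OpenSSL accepts HOST for this certificate.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# cert_valid_for CRT SECONDS: true when the certificate does not expire within SECONDS.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Usage (constructed host names, as on this page):
#   make_selfsigned . www.domain.com online.domain.com
#   key_matches_cert www_domain_com.key www_domain_com.crt && echo "key and cert match"
#   cert_covers_host www_domain_com.crt online.domain.com && echo "SAN present"
```

Running key_matches_cert before copying files in Step 3 catches a certificate paired with the wrong key, which otherwise only shows up when Apache fails to start.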
Step 3: Installing the Private Key and Certificate
When Apache with mod_ssl is installed, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled. Only the CRT and KEY files are needed on the Apache server.
mkdir /etc/httpd/ssl
cp www_domain_com.crt /etc/httpd/ssl/www_domain_com.crt
cp www_domain_com.key /etc/httpd/ssl/www_domain_com.key
Step 4: Configuring SSL Enabled Virtual Hosts
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/www_domain_com.crt
SSLCertificateKeyFile /etc/httpd/ssl/www_domain_com.key
Step 5: Restart Apache and Test
/etc/init.d/httpd stop
/etc/init.d/httpd start
Then verify SSL using the URL https://www.domain.com. If you have any issues, please comment.