SSL-self-signed-certificate-creation-and-config

From Wiki at Neela Nurseries
Revision as of 19:39, 24 July 2017 by Ted (talk | contribs) (2017-07-24 - On Neela wiki page, Ted putting up first notes of SSL self-signed certificate creation - TMH)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


- 2017-07-20 Thursday -

Ted's first finding of instructions on setting up SSL and configuring Apache2 web server to use this encrypted protocol library:


Copy of summary of steps from above instructions on-line:

"
Here's what we're going to do, in order:

  1. Make sure Apache has SSL enabled.
  2. Generate a certificate signing request (CSR).
  3. Generate a self-signed certificate.
  4. Copy the certificate and keys we've generated.
  5. Tell Apache about the certificate.
  6. Modify the VirtualHosts to use the certificate.
  7. Restart Apache and test.

"


Note From SSL Config On Generic Server

 

STEP 1


ted@localhost:~$ sudo a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
ted@localhost:~$


STEP 2


ted@localhost:~$ # https://www.linux.com/learn/creating-self-signed-ssl-certificates-apache-linux
ted@localhost:~$ # STEP 2
ted@localhost:~$ sudo openssl req -new > new.ssl.csr
Generating a 1024 bit RSA private key
...........++++++
.................................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Verify failure
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Oregon
Locality Name (eg, city) []:Portland
Organization Name (eg, company) [Internet Widgits Pty Ltd]:General Industry
Organizational Unit Name (eg, section) []:Web and CMS
Common Name (eg, YOUR name) []:Ted Havelka
Email Address []:ted@general-industry.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:.
An optional company name []:.
ted@localhost:~$


Checking for new files . . .


ted@localhost:~$ ls -lt
total 60
-rw-r--r-- 1 ted  ted    720 2017-07-20 12:22 new.ssl.csr
-rw-r--r-- 1 root root   963 2017-07-20 12:22 privkey.pem
drwxr-xr-x 2 ted  ted   4096 2017-05-05 15:08 archive
   .
   .
   .


STEP 3


ted@localhost:~$ sudo openssl rsa -in privkey.pem -out new.cert.key
Enter pass phrase for privkey.pem:
writing RSA key
ted@localhost:~$

ted@localhost:~$ sudo openssl x509 -in new.ssl.csr -out new.cert.cert -req -signkey new.cert.key -days 365
Signature ok
subject=/C=US/ST=Oregon/L=Portland/O=General Industry/OU=Alta/CN=Ted Havelka/emailAddress=ted@general-industry.com
Getting Private key

ted@localhost:~$ sudo cp new.cert.cert /etc/ssl/certs/server-localhost.crt
[sudo] password for ted:
ted@localhost:~$ sudo cp new.cert.key /etc/ssl/private/server-localhost.key


Checking permissions of newly created private key file:


ted@localhost:/etc/ssl$ sudo su
# id
uid=0(root) gid=0(root) groups=0(root)
# cd private/
# ls -l
total 8
-rw-r--r-- 1 root root      887 2017-07-20 14:15 server-localhost.key
-rw-r----- 1 root ssl-cert 1679 2011-05-10 08:24 ssl-cert-snakeoil.key
# exit
exit
ted@localhost:/etc/ssl$ ls -l /etc/ssl/certs/server-localhost.crt
-rw-r--r-- 1 root root 993 2017-07-20 14:14 /etc/ssl/certs/server-localhost.crt
ted@localhost:/etc/ssl$




top of page