SSL: Difference between revisions
From code/src wiki
Revision as of 23:33, 23 May 2011
Creating a self-signed certificate for Apache
- Create the cert, and copy it to the standard location
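# Change "site" to match your domain, e.g. site=codesrc; export site
# Note: -nodes writes the private key unencrypted, and the copies created here stay in /tmp until you delete them.
cd /tmp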
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${site}-selfsigned.key -outform pem -out ${site}-selfsigned.pem
sudo cp ${site}-selfsigned.pem /etc/ssl/certs/
sudo cp ${site}-selfsigned.key /etc/ssl/private
sudo chgrp ssl-cert /etc/ssl/private/${site}-selfsigned.key
sudo chmod 640 /etc/ssl/private/${site}-selfsigned.key
- Modify your Apache site config:
<IfModule mod_ssl.c>
<VirtualHost *:443>
# Copy standard, non-SSL config here
SSLEngine on
# Replace "codesrc" in the two paths below with the value of ${site} used above
SSLCertificateFile /etc/ssl/certs/codesrc-selfsigned.pem
SSLCertificateKeyFile /etc/ssl/private/codesrc-selfsigned.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
- Make sure mod_ssl is enabled.
# Module links belong in mods-enabled, not sites-enabled
cd /etc/apache2/mods-enabled
sudo ln -s ../mods-available/ssl.load .
sudo ln -s ../mods-available/ssl.conf .
- Restart Apache
sudo /etc/init.d/apache2 restart
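
The steps above leave an unencrypted private key on disk, so it is worth checking the installed pair afterwards. The following is an added example, not part of the original wiki page; the function names `check_selfsigned` and `make_sample` and the `example.invalid` subject are assumptions, and the sample pair is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: post-install checks for the certificate/key pair
# produced by the steps above.

# check_selfsigned CERT KEY
# Returns 0 when the pair is usable and the key is not world-readable;
# otherwise prints the reason to stderr and returns 1.
check_selfsigned() {
    cert=$1 key=$2

    # The certificate must carry the public half of this private key,
    # otherwise mod_ssl cannot use the pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match" >&2; return 1
    fi

    # -checkend 0 fails if the certificate has already expired
    # (the page's command issues it for 365 days).
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired" >&2; return 1
    fi

    # The key is unencrypted (-nodes), so file permissions are its only
    # protection: reject any "other" read bit (the page uses mode 640).
    if [ -n "$(find "$key" -perm -004)" ]; then
        echo "private key is world-readable" >&2; return 1
    fi
    return 0
}

# make_sample DIR NAME: constructed pair, generated non-interactively.
# The -subj value is a placeholder; umask 077 keeps the key private
# from the moment it is written.
make_sample() {
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=example.invalid" \
          -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null )
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" demo
check_selfsigned "$demo_dir/demo.pem" "$demo_dir/demo.key" && echo "demo pair OK"
```

On the server, run the check as root against /etc/ssl/certs/${site}-selfsigned.pem and /etc/ssl/private/${site}-selfsigned.key.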