SSL

From code/src wiki
Revision as of 23:33, 23 May 2011 by Michael

Creating a self-signed certificate for Apache

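  • Create the cert, and copy it to the standard location:
# Change "site" to match your domain, e.g. site=codesrc
site=codesrc; export site
cd /tmp
# -nodes leaves the private key unencrypted so Apache can start without a passphrase prompt.
# openssl asks for the subject fields; the Common Name should be the hostname clients will use.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout "${site}-selfsigned.key" -outform pem -out "${site}-selfsigned.pem"
sudo cp "${site}-selfsigned.pem" /etc/ssl/certs/
sudo cp "${site}-selfsigned.key" /etc/ssl/private/
# Restrict the key to root and the ssl-cert group
sudo chgrp ssl-cert "/etc/ssl/private/${site}-selfsigned.key"
sudo chmod 640 "/etc/ssl/private/${site}-selfsigned.key"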
  • Modify your Apache site config:
<IfModule mod_ssl.c>
<VirtualHost *:443>
        # Copy standard, non-SSL config here

        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/codesrc-selfsigned.pem
        SSLCertificateKeyFile /etc/ssl/private/codesrc-selfsigned.key
        #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

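  • Make sure mod_ssl is enabled.
# Module links belong in mods-enabled, not sites-enabled.
# On Debian/Ubuntu, "sudo a2enmod ssl" creates these links for you.
cd /etc/apache2/mods-enabled
sudo ln -s ../mods-available/ssl.load .
sudo ln -s ../mods-available/ssl.conf .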
  • Restart Apache
sudo /etc/init.d/apache2 restart
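
The following script is an added example, not part of the original wiki page. It checks the pair produced by the steps above before Apache is restarted: that the key belongs to the certificate, that the certificate is not about to expire, and that the key file is not accessible to other users. The script name check-pair.sh and the sample subject CN=example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks to run on the
# certificate/key pair before restarting Apache.

# 0 if KEY ($2) is the private key for CERT ($1): compare the public halves.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if CERT ($1) is still valid DAYS ($2, default 30) days from now.
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# 0 if the key file grants no permissions to "other" (e.g. mode 640 or 600).
key_not_world_accessible() {
    [ "$(ls -ldL "$1" | cut -c8-10)" = "---" ]
}

# Run all three checks and report; returns non-zero if any check fails.
check_pair() {
    rc=0
    cert_matches_key "$1" "$2"    || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_not_expiring "$1"        || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    key_not_world_accessible "$2" || { echo "FAIL: key is accessible to other users"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 / $2"
    return "$rc"
}

# Constructed sample input: a throwaway pair with a hypothetical CN, written
# to directory $1 and valid for $2 days (default 365). Used only for testing.
make_sample_pair() {
    openssl req -x509 -nodes -days "${2:-365}" -newkey rsa:2048 \
        -subj "/CN=example.test" \
        -keyout "$1/sample.key" -out "$1/sample.pem" 2>/dev/null
}

# Usage: sudo sh check-pair.sh /etc/ssl/certs/codesrc-selfsigned.pem \
#                              /etc/ssl/private/codesrc-selfsigned.key
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Run it with sudo when checking the installed files, since /etc/ssl/private is not readable by ordinary users.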