Thursday 27 August 2009

Apache SSL setup

Generate CSR
A CSR needs to be sent to the CA (Certificate Authority - Verisign, Thawte, etc) for them to sign the key. Once it is signed you can import it into Apache to allow pages to be encrypted without the user being warned about  dodgy SSL certificate.  First you need to create a key file for the server
# openssl genrsa -out server.name.com.key 1024
Next you need to use this key to create the CSR
# openssl req -new -key server.name.com.key -out server.name.com.csr
You should be able to send the *.CSR file to a CA for them to sign using their "buy certificate" pages.

When you get the certificate back signed run a2enmod ssl to enable ssl in apache then edit the site in sites-enabled entering the correct key and cert files. Restart apache and it should be working.

No comments:

Post a Comment