Posts Tagged ‘openssl’

How to generate a self-signed OpenSSL certificate for Apache

There are just a few quick and easy steps to generate a certificate without a passphrase for Apache. First you have to generate a key for your host:

[root@heimdull]# openssl genrsa 1024 > host.key

Generating RSA private key, 1024 bit long modulus
..........................................++++++
.........++++++
e is 65537 (0x10001)
Generating RSA private key, 1024 bit long modulus............. .............................++++++.........++++++e is 65537 (0x10001)

Now you have your host key file that you will use in the Apache configuration file and to generate the actual certificate

[root@heimdull]# openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:GB
State or Province Name (full name) [Berkshire]:Berkshire
Locality Name (eg, city) [Newbury]: Newbury
Organization Name (eg, company) [My Company Ltd]:My Company Ltd
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.myserver.com
Email Address []:

Now you have to move these files somewhere that is related to you Apache installation and in your httpd.conf or httpd-ssl.conf file you will need these lines:

SSLEngine on
  SSLCertificateFile /Apache-home/ssl/host.crt
  SSLCertificateKeyFile /Apache-home/ssl/host.key
Advertisements