Generate a self-signed certificate

https://wiki.centos.org/HowTos/Https

Setting up an SSL secured Webserver with CentOS

Install mod_ssl and openssl

Generate private key

root@ubuntu:~# openssl genrsa -out ca.key 2048 

Generate CSR

root@ubuntu:~# openssl req -new -key ca.key -out ca.csr -subj "/C=LU/ST=Luxembourg/L=Luxembourg/O=Global Security/OU=IT Department/CN=example.com"

The fields required in the CSR are listed below:

Field   Meaning               Example
/C=     Country               LU
/ST=    State                 Luxembourg
/L=     Location              Luxembourg
/O=     Organization          Global Security
/OU=    Organizational Unit   IT Department
/CN=    Common Name           example.com

Generate the self-signed certificate

root@ubuntu:~# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=LU/ST=Luxembourg/L=Luxembourg/O=Global Security/OU=IT Department/CN=example.com
Getting Private key

Copy the files to the correct locations

root@ubuntu:~# cp ca.crt /etc/pki/tls/certs
root@ubuntu:~# cp ca.key /etc/pki/tls/private/ca.key
root@ubuntu:~# cp ca.csr /etc/pki/tls/private/ca.csr

In /etc/httpd/conf.d/ssl.conf, change the paths to match where the certificate and key files are stored:

SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Save the file and quit, then restart Apache:

/etc/init.d/httpd restart

You should now be able to connect over https to your server and see a default CentOS page. As the certificate is self-signed, browsers will generally ask you whether you want to accept the certificate.
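
The three openssl steps above, rerun in a scratch directory and followed by the checks worth making on ca.key and ca.crt before they are deployed under /etc/pki/tls. This is an added example, not part of the original how-to; the subjectAltName extension, the umask and the helper function names are assumptions added here.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: the subjectAltName
# extension, the umask and the scratch directory are additions; the subject
# string and file names are the page's.
SUBJ="/C=LU/ST=Luxembourg/L=Luxembourg/O=Global Security/OU=IT Department/CN=example.com"

# Run the page's three openssl steps. $1 = output directory, $2 = DNS name.
make_selfsigned() {
    # umask 077 keeps the private key unreadable to group and others.
    ( umask 077 && openssl genrsa -out "$1/ca.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/ca.key" -out "$1/ca.csr" -subj "$SUBJ" || return 1
    # Current browsers match the hostname against subjectAltName, not CN.
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl x509 -req -days 365 -in "$1/ca.csr" -signkey "$1/ca.key" \
        -extfile "$1/san.ext" -out "$1/ca.crt" 2>/dev/null
}

# Succeed only if the certificate ($1) carries the public key of the key ($2).
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed if the certificate ($1) is still valid $2 seconds from now.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; }

# Succeed if the certificate ($1) lists DNS name $2 (substring match on -text).
has_san() { openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"; }

# Succeed if the key file ($1) has no group or other permission bits set.
key_is_private() { [ "$(ls -l "$1" | cut -c5-10)" = "------" ]; }

# Demo in a scratch directory; nothing is written under /etc.
d=$(mktemp -d) || exit 1
if make_selfsigned "$d" example.com && key_matches_cert "$d/ca.crt" "$d/ca.key" \
   && valid_for "$d/ca.crt" 2592000 && has_san "$d/ca.crt" example.com \
   && key_is_private "$d/ca.key"; then
    echo "ca.crt matches ca.key, has a SAN and is valid for at least 30 days"
else
    echo "certificate checks failed" >&2
fi
rm -rf "$d"
```

The same helper functions can be pointed at /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key after the copy step, since cp does not preserve the restrictive mode on an existing destination file.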

Setting up the virtual hosts

Just as you set VirtualHosts for http on port 80, so you do for https on port 443. A typical VirtualHost for a site on port 80 looks like this:

<VirtualHost *:80>
        <Directory /var/www/vhosts/yoursite.com/httpdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
        ServerName yoursite.com
</VirtualHost>

To add a sister site on port 443, add the following at the top of your file:

NameVirtualHost *:443

and then a VirtualHost record something like this:

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory /var/www/vhosts/yoursite.com/httpsdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
        ServerName yoursite.com
</VirtualHost>

Restart Apache again using:

/etc/init.d/httpd restart
linux/openssl_certificate.txt · Last modified: 2021/01/01 21:25 (external edit)