townx - Creating a self-signed SSL certificate for Apache on Linux - Comments

I followed yours and it

Assignment — Sat, 09 May 2009 04:38:47 -0500

I followed yours and it works well, now to bookmark your site so I don't have to google next time and get a different tut.

I know what you mean - it's

Electro Plated Diamond Blades — Fri, 01 May 2009 05:07:48 -0500

I know what you mean - it's always such a manual process when registering for an SSL certificate.

Interesting

Next Day Delivery — Wed, 22 Apr 2009 16:34:53 -0500

This sounds interesting to me, having in mind that 5 SSL certificates goes form $80-100 per year.

And one can be used for a single domain, which is fine. ;) Thanks for sharing this information with us, pleas if you have more, give us more...

all the best to you. ;)

Thanks for this I have to

team leadership training — Fri, 17 Apr 2009 09:02:50 -0500

Thanks for this

I have to set up SSL once every several months and each time it's like the first time, I just forget what needs doing.

I'll bookmark this for future reference.

will install on open ssl

Lyrics — Wed, 08 Apr 2009 00:42:28 -0500

I'll try this on my apache box 2, it has open / mod ssl.

Nice post thanks!

epc — Mon, 06 Apr 2009 14:52:00 -0500

Nice post thanks!

Thanks!

Gr33n3gg — Sat, 28 Mar 2009 11:14:01 -0500

I'll be sure to try this. I use Lighttpd instead of Apache, so I'll see what I can do.

Good howto

Tech Blog — Fri, 27 Mar 2009 06:02:00 -0500

This is very good article on creating certificate, btw you can also use the CA .sh script to create it .

I'll turn that one off, I

elliot — Wed, 18 Mar 2009 16:10:59 -0500

I'll turn that one off, I think! Thanks for letting me know.

There's 1000s of these

nadine anddanes — Tue, 17 Mar 2009 16:55:52 -0500

There's 1000s of these tutorials on the net, each one a little different. I followed yours and it works well, now to bookmark your site so I don't have to google next time and get a different tut.

Eventually you want a signed

Anonymous — Mon, 16 Mar 2009 11:05:17 -0500

Eventually you want a signed one but a cheap signed for $15, not one of those $500 ripoffs.

PS: Your ASCII captcha sucks and is broken! No matter how many times a human tries, the human always gets it wrong. I had to clear cookies and restart.

Creating a self-signed SSL certificate for Apache on Linux

elliot — Thu, 05 Mar 2009 04:36:44 -0600

(This is extracted from my Apache course materials, but it's a useful howto in its own right.)

To generate a self-signed SSL certificate, you will need openssl installed first.

Then follow these steps:

Generate the server's private key; we'll use a 1024-bit key using the RSA algorithm:
openssl genrsa -out server.key 1024
Generate a certificate-signing request:
openssl req -new -key server.key -out server.csr

Fill in the required information at the prompts:

   Country Name (2 letter code) [GB]:GB
   State or Province Name (full name) []:.
   Locality Name (eg, city) [Newbury]:Birmingham
   Organization Name (eg, company) [My Company Ltd]:Talis
   Organizational Unit Name (eg, section) []:Library Products
   Common Name (eg, your name or your server's hostname) []:prism.talis.com
   Email Address []:.

   Please enter the following 'extra' attributes to be sent with your certificate request

   A challenge password []:.
   An optional company name []:.

The really important one is the Common Name: this must match the domain name which will serve the SSL site; otherwise connecting clients will get a prompt about a mismatch between the certificate's host name and the actual host name of the server.

Note that we left the password blank. If we don't do this, Apache will prompt you for the certificate password each time you start the server, which is a pain in the arse.

Create a self-signed certificate from the certificate-signing request (.csr file):
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
rm server.csr (you don't need it any more)
Put the .crt and .key files into Apache's SSL directory and configure Apache to use them

If I get round to it I'll do another entry explaining how to make Apache use them.