http://www.onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html
These are the steps that I followed from the article:
I am setting up a QA web server, so I did this:
1) "For testing purposes, or for small LANs, you can create a self-signed certificate. This can be done by issuing this command:"
openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 \
-nodes -keyout server.key -out server.crt \
-subj '/O=Company/OU=Department/CN=www.example.com'
Note: You will need to have set up a self-signing Certificate
Authority on your server. This enables you to create your own temporary
certificates for testing purposes. See my blog post on setting up
Email/SMTP on Amazon EC2 for how this is done.
2) Next, I installed mod_ssl on Apache:
For Fedora, command line: yum install mod_ssl
3) Update /etc/httpd/conf.d/ssl.conf:
add a reference to your certificate (server.crt) and your key (server.key).
For example:
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/httpd/certs/server.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/certs/server.key
4) Enable port 443 on your server and firewall
(Amazon EC2 command line: ec2-authorize default -p 443)
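A pre-flight check for the two files named in ssl.conf, added here as an example (it is not from this post or the ONLamp article): it confirms that server.key belongs to server.crt, reports RSA keys under 2048 bits and SHA-1/MD5 signatures (both of which the command in step 1 requests), and checks that the key file is closed to group and other. The function names, the script name and the thresholds are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the certificate/key pair named in ssl.conf.
# Assumptions: RSA keys (as in step 1), a 2048-bit minimum, no SHA-1/MD5 signatures.

# Succeeds only if the certificate carries the public half of the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints the certificate's public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Prints the algorithm the certificate was signed with.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeeds only if group and other have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Runs every check, prints one line per finding, returns non-zero on any finding.
audit_tls_pair() {
    cert=$1 key=$2 status=0
    cert_matches_key "$cert" "$key" ||
        { echo "FAIL: $key is not the private key for $cert"; status=1; }
    bits=$(cert_key_bits "$cert")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: ${bits:-unknown}-bit key is below 2048 bits"; status=1; }
    alg=$(cert_sig_alg "$cert")
    case $alg in
        sha1*|md5*|*SHA1) echo "FAIL: weak signature algorithm $alg"; status=1 ;;
    esac
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or other"; status=1; }
    return "$status"
}

# Usage (hypothetical script name): sh check_tls_pair.sh server.crt server.key
if [ $# -eq 2 ]; then
    audit_tls_pair "$1" "$2"
fi
```

Run it against /etc/httpd/certs/server.crt and /etc/httpd/certs/server.key before restarting Apache; a non-zero exit status means at least one finding was printed.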
Conclusion: You now have a QA Web server with a temporary certificate that can run web sites
using SSL (https). For production Web servers, you will need to purchase a permanent certificate
from a trusted certificate authority like Verisign.
I love SSL