Alter.Org.UA

Apache + SSL self-signed certificate (quick HOWTO)

Generate a self-signed certificate. Simple, but I often forget how to do it :) It is also useful as a quick fix for Error code: sec_error_reused_issuer_and_serial, which appears when the default Apache certificate is used on several servers under your control. Sometimes it is tricky to fix or work around on the Firefox side.

# openssl req -x509 -nodes -newkey rsa:2048 -keyout my.site.name.key -out my.site.name.crt
 or, with an explicit validity period in days:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout my.site.name.key -out my.site.name.crt

Answer some questions. The main one is:

Common Name: my.site.name

You will get the .key and .crt files in the current directory. Move them to the directory you use for certificate storage. Then update the <VirtualHost MY.SITE.IP.ADDRESS:443> section with the paths to them:

<VirtualHost MY.SITE.IP.ADDRESS:443>
SSLEngine on
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/etc/apache22/ssl/my.site.name.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/my.site.name.key"
</VirtualHost>

Note: For old versions, each SSL-enabled site must have a unique IP address, or the certificate must include all domain names served by the given IP. Newer versions are capable of keeping an individual certificate for each virtual host.
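
The steps above as a non-interactive script, with two checks added: that the key and certificate belong together, and that the new certificate does not share issuer and serial with a different certificate from your other servers. This is an added example, not part of the original page; the function names and the script name are hypothetical, and it assumes the openssl command-line tool is on PATH.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# make_cert <hostname> <outdir>: same command as above, but -subj answers the
# Common Name question, and umask makes the new files owner-readable only.
make_cert() {
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$1" \
          -keyout "$2/$1.key" -out "$2/$1.crt" )
}

# key_matches_cert <crt> <key>: true only if both hold the same public key,
# i.e. the SSLCertificateFile / SSLCertificateKeyFile pair belongs together.
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# find_reused_ids <crt>...: print every issuer+serial pair shared by two or
# more DIFFERENT certificates (the condition Firefox rejects). Identical
# copies of one certificate have the same fingerprint and are not reported.
find_reused_ids() {
    for f in "$@"; do
        fp=$(openssl x509 -in "$f" -noout -fingerprint -sha256 | sed 's/.*=//')
        id=$(openssl x509 -in "$f" -noout -issuer -serial | tr '\n' ' ')
        printf '%s %s\n' "$fp" "$id"
    done | sort -u | cut -d' ' -f2- | sort | uniq -d
}

# Usage: sh selfsigned.sh my.site.name /path/to/ssl/dir [other-server.crt ...]
if [ $# -ge 2 ]; then
    host=$1; dir=$2; shift 2
    make_cert "$host" "$dir" || exit 1
    key_matches_cert "$dir/$host.crt" "$dir/$host.key" \
        || { echo "key/cert mismatch" >&2; exit 1; }
    reused=$(find_reused_ids "$dir/$host.crt" "$@")
    [ -z "$reused" ] || { echo "reused issuer+serial: $reused" >&2; exit 1; }
fi
```

Pass the .crt files collected from your other servers as the trailing arguments; any line printed by find_reused_ids names an issuer and serial that two different certificates share.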



FB or mail alterX@alter.org.ua (remove X)
designed by Alter aka Alexander A. Telyatnikov, powered by Apache+PHP under FBSD © 2002-2024