7.2. Generating Self-Signed SSL Certificates

Problem

You want to generate a self-signed certificate to use on your SSL server.

Solution

Use the openssl command-line program that comes with OpenSSL:

          % openssl genrsa -out server.key 1024
          % openssl req -new -key server.key -out server.csr
          % cp server.key server.key.org
          % openssl rsa -in server.key.org -out server.key
          % openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Then move these files to your Apache server’s configuration directory, such as /www/conf/, and then add the following lines in your httpd.conf configuration file:

SSLCertificateFile "/www/conf/server.crt"
SSLCertificateKeyFile "/www/conf/server.key"
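
Before restarting Apache, it is worth confirming that server.key and server.crt actually belong together and that the certificate is self-signed and still valid. The script below is an added example, not part of the book's recipe; its function names are illustrative, and it assumes the unencrypted RSA key that the recipe leaves in server.key.

```sh
#!/bin/sh
# Added example (not from the book). Function names are illustrative.
# Assumes an unencrypted RSA key, as left by the "openssl rsa" step.

# Succeeds only if the private key and the certificate share one modulus.
key_matches_cert() {  # $1 = key file, $2 = certificate file
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if subject equals issuer and the signature verifies against
# the certificate's own public key.
is_self_signed() {  # $1 = certificate file
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Prints the RSA key size in bits, parsed from the key's text dump.
key_bits() {  # $1 = key file
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p'
}

# Runs every check and reports the first failure.
check_pair() {  # $1 = key file, $2 = certificate file
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: key does not match certificate"; return 1; }
    is_self_signed "$2" ||
        { echo "FAIL: certificate is not self-signed"; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }
    echo "OK: $(key_bits "$1")-bit RSA key," \
         "$(openssl x509 -in "$2" -noout -enddate)"
}

# Usage: sh thisscript.sh /www/conf/server.key /www/conf/server.crt
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A mismatch between the two files named in SSLCertificateFile and SSLCertificateKeyFile is caught by the first check, before Apache refuses to start.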

Discussion

The SSL certificate is a central part of the SSL conversation and is required before you can run a secure server. Thus, generating the certificate is a necessary first step to configuring your secure server.

Generating the key is a multistep process, but it is fairly simple.

Generating the private key

In the first step, we generate the private key. SSL is a private/public key encryption system: the private key resides on the server, and the public key goes out with each connection to the server and is used to encrypt data sent back to the server.

The first argument passed to the openssl program (genrsa) tells openssl that we want to generate an RSA key. RSA is an encryption algorithm that all major browsers support.

You may, if you wish, specify an argument telling openssl what to use as the ...
