Monday, June 3, 2013

How to Create and Install an Apache Self Signed Certificate


The steps below create and install an Apache self-signed certificate on RHEL 6.2.

Step 1 : Generate Key

[root@mail ]# cd /etc/ssl/certs/
[root@mail certs]# openssl genrsa -des3 -out new.key 2048
Generating RSA private key, 2048 bit long modulus
.........................................................................................................+++
...............................................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for new.key:
Verifying - Enter pass phrase for new.key:
[root@mail certs]#


Step 2 : Remove the passphrase from the key (optional; with an unencrypted key, httpd no longer prompts for the passphrase every time the service starts)

[root@mail certs]# cp new.key new.key_org
[root@mail certs]#
[root@mail certs]# openssl rsa -in new.key -out new.key
Enter pass phrase for new.key:
writing RSA key
[root@mail certs]# ll new.key
-rw-r--r-- 1 root root 1679 May 22 12:13 new.key
[root@mail certs]#

Step 3 : Generate a Certificate Signing Request (CSR)

[root@mail certs]# openssl req -new -key new.key -out webmail.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Tamil Nadu
Locality Name (eg, city) [Default City]:Madurai
Organization Name (eg, company) [Default Company Ltd]:Lynx Corp
Organizational Unit Name (eg, section) []:Leo
Common Name (eg, your name or your server's hostname) []:mail.isvivek.com
Email Address []:isvivek@isvivek.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@mail certs]#


Step 4 : Generate a self-signed SSL certificate

[root@mail certs]# openssl x509 -req -days 365 -in webmail.csr -signkey new.key -out webmail.cert
Signature ok
subject=/C=IN/ST=Tamil Nadu/L=Madurai/O=Lynx Corp/OU=Leo/CN=mail.isvivek.com/emailAddress=isvivek@isvivek.com
Getting Private key
[root@mail certs]#
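Steps 1 to 4 above are interactive. The script below is an added example (not code from the original post) that runs the same key, CSR and self-signed certificate flow non-interactively and then performs the checks worth doing before the files are referenced from ssl.conf: the key file mode, whether the certificate's public key really belongs to the private key, whether a subjectAltName is present, and whether the certificate is within its validity period. The hostname mail.example.test, the subject fields and the temporary working directory are constructed for the example. Two points differ from the post on purpose: the key is created under umask 077 so it never exists world-readable (the post's `ll new.key` output shows -rw-r--r-- after the passphrase is removed, which lets any local account read the private key), and the certificate carries a SAN, which current browsers require for hostname matching.

```shell
#!/bin/sh
# Added example, not code from the original post: Steps 1-4 scripted
# non-interactively, followed by the checks worth running before the
# certificate goes into ssl.conf. The hostname and subject fields are
# constructed for the example; files are written to a temporary directory.
set -eu

HOST="mail.example.test"                 # constructed; use the real ServerName
WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT
KEY="$WORKDIR/new.key"
CSR="$WORKDIR/webmail.csr"
CERT="$WORKDIR/webmail.cert"
EXTFILE="$WORKDIR/san.cnf"

generate_key() {
    # Steps 1 and 2 in one go: genrsa without -des3 writes an unencrypted key.
    # umask 077 makes the file mode 0600 from creation, so the key is never
    # world-readable the way the post's "ll new.key" output (-rw-r--r--) shows.
    (umask 077 && openssl genrsa -out "$KEY" 2048 2>/dev/null)
}

generate_csr() {
    # Step 3: -subj supplies the Distinguished Name instead of the prompts.
    openssl req -new -key "$KEY" \
        -subj "/C=IN/ST=Tamil Nadu/L=Madurai/O=Example Org/CN=$HOST" \
        -out "$CSR" 2>/dev/null
}

self_sign() {
    # Step 4, plus a subjectAltName: current browsers match the hostname
    # against SAN only and ignore the CN, so a CN-only cert still warns.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$HOST" > "$EXTFILE"
    openssl x509 -req -days 365 -in "$CSR" -signkey "$KEY" \
        -extfile "$EXTFILE" -out "$CERT" 2>/dev/null
}

# ---- checks -------------------------------------------------------------

key_mode() {
    # Permission string from ls -l; expect "-rw-------" (owner-only).
    ls -l "$KEY" | cut -c1-10
}

cert_matches_key() {
    # The public key embedded in the certificate must equal the private
    # key's public half; a mismatch is the usual reason httpd fails to start
    # with a new SSLCertificateFile/SSLCertificateKeyFile pair.
    [ "$(openssl x509 -in "$CERT" -noout -pubkey)" = \
      "$(openssl pkey -in "$KEY" -pubout 2>/dev/null)" ]
}

cert_has_san() {
    # True when the certificate carries DNS:<name> in subjectAltName.
    openssl x509 -in "$CERT" -noout -text | grep -q "DNS:$1"
}

cert_not_expired() {
    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$CERT" -noout -checkend 0 >/dev/null
}

generate_key
generate_csr
self_sign
echo "key permissions: $(key_mode)"
cert_matches_key && echo "certificate public key matches $KEY"
cert_has_san "$HOST" && echo "subjectAltName covers $HOST"
cert_not_expired && echo "certificate is within its validity period"
openssl x509 -in "$CERT" -noout -subject -dates
```

Run it as root or as the account that will own the key, then copy new.key and webmail.cert to the directory ssl.conf points at. If a key was already written with the permissions shown in Step 2, `chmod 600` on it before httpd is restarted closes the same exposure after the fact.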


Step 5 : Install the generated certificate

[root@mail certs]# vim /etc/httpd/conf.d/ssl.conf

--->> Update it as follows:

SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

--->> Update the VirtualHost as follows:

<VirtualHost _default_:443>
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/webmail/webmail.cert
    SSLCertificateKeyFile /etc/ssl/certs/webmail/new.key
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5
    DocumentRoot "/var/www/html/ssl"
    ServerName mail.isvivek.com:443
</VirtualHost>


[root@mail certs]#  mkdir -p /var/www/html/ssl
[root@mail certs]#  chown apache /var/www/html/ssl

[root@mail certs]# vim /etc/httpd/conf/httpd.conf

--->> Update it as follows:


         SSLRequireSSL
         SSLOptions +StrictRequire
         SSLRequire %{HTTP_HOST} eq "mail.isvivek.com"
         ErrorDocument 403 https://mail.isvivek.com/sslerror.html



[root@mail certs]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                             [  OK  ]
[root@mail certs]#
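The two mod_ssl lines in the VirtualHost above deserve a second look before the restart: `SSLProtocol All -SSLv2` leaves SSLv3, TLS 1.0 and TLS 1.1 enabled, and in `HIGH:MEDIUM:!aNULL:+MD5` the `+MD5` only moves MD5 suites to the end of the list rather than removing them, while MEDIUM admits RC4 suites on the OpenSSL 1.0.x that RHEL 6 ships. The script below is an added example (not code from the original post) that audits mod_ssl directives for exactly these patterns: it evaluates the SSLProtocol tokens left to right the way mod_ssl does, flags positively included weak cipher lists, and checks for `SSLHonorCipherOrder on`. It runs over two constructed fragments: POST_CONFIG mirrors the post's VirtualHost and HARDENED_CONFIG is an assumed modern replacement (TLS 1.2 only, no MD5/RC4/3DES/anonymous suites, server-preferred cipher order). The hardened values assume an OpenSSL and mod_ssl build that supports TLS 1.2, which the RHEL 6.2 stack in the post may not offer; check `openssl ciphers -v` on the target before copying them. Also note that ssl.conf above points at /etc/ssl/certs/webmail/ while Steps 1 to 4 wrote the files to /etc/ssl/certs/, so the files have to be moved or the paths aligned before httpd will start.

```shell
#!/bin/sh
# Added example, not code from the original post: a small audit of the
# mod_ssl directives from Step 5 run over two constructed config fragments.
# POST_CONFIG mirrors the post's VirtualHost; HARDENED_CONFIG is an assumed
# modern replacement (TLS 1.2 only, no MD5/RC4/3DES/anonymous suites,
# server-preferred cipher order). Neither fragment is read from a live host.
set -eu

POST_CONFIG='
    SSLEngine On
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5
'

HARDENED_CONFIG='
    SSLEngine On
    SSLProtocol -all +TLSv1.2
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on
'

# Reads mod_ssl directives on stdin, prints one finding per line, nothing if clean.
audit_ssl_config() {
    awk '
    BEGIN {
        # SSLProtocol tokens apply left to right: "all" (or "All") enables every
        # version, "-X" disables X, "+X" or a bare "X" enables X.
        nv = split("SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3", vlist, " ")
        nl = split("SSLv2 SSLv3 TLSv1 TLSv1.1", legacy, " ")
        honor = 0
    }
    # A cipher-list token is a positive inclusion unless it starts with "!" or "-".
    # "+X" only reorders X to the end of the list; X stays enabled.
    function weak_token(t) {
        if (substr(t, 1, 1) == "!" || substr(t, 1, 1) == "-") return 0
        if (substr(t, 1, 1) == "+") t = substr(t, 2)
        # MEDIUM is flagged because it admits RC4 suites on OpenSSL 1.0.x (RHEL 6).
        return t ~ /^(MD5|RC4|3DES|DES|EXPORT|EXP|LOW|MEDIUM|aNULL|eNULL|NULL)$/
    }
    $1 == "SSLProtocol" {
        split("", on)
        for (i = 2; i <= NF; i++) {
            tok = $i; sign = "+"
            if (tok ~ /^[-+]/) { sign = substr(tok, 1, 1); tok = substr(tok, 2) }
            if (tolower(tok) == "all") {
                for (j = 1; j <= nv; j++) on[vlist[j]] = (sign == "+")
            } else {
                on[tok] = (sign == "+")
            }
        }
        for (j = 1; j <= nl; j++)
            if (on[legacy[j]]) print "SSLProtocol enables legacy protocol " legacy[j]
    }
    $1 == "SSLCipherSuite" {
        excludes_anull = 0
        n = split($2, toks, ":")
        for (i = 1; i <= n; i++) {
            if (toks[i] == "!aNULL") excludes_anull = 1
            if (weak_token(toks[i])) print "SSLCipherSuite includes weak cipher list " toks[i]
        }
        if (!excludes_anull) print "SSLCipherSuite does not exclude aNULL (unauthenticated key exchange)"
    }
    $1 == "SSLHonorCipherOrder" && tolower($2) == "on" { honor = 1 }
    END {
        if (!honor) print "SSLHonorCipherOrder on is missing (client chooses the cipher)"
    }
    '
}

# Number of findings for the fragment passed as $1.
count_findings() {
    printf '%s\n' "$1" | audit_ssl_config | wc -l | tr -d ' '
}

echo "== findings for the post's configuration =="
printf '%s\n' "$POST_CONFIG" | audit_ssl_config
echo "== findings for the hardened configuration =="
printf '%s\n' "$HARDENED_CONFIG" | audit_ssl_config
echo "counts: $(count_findings "$POST_CONFIG") vs $(count_findings "$HARDENED_CONFIG")"
```

To audit a real file instead of the embedded fragments, feed it on stdin: `audit_ssl_config < /etc/httpd/conf.d/ssl.conf`. The audit is deliberately narrow (protocol set, positively included weak lists, cipher order) and does not replace a full scan of the running service.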

Step 6 : Verify the details by browsing to the URL.



