How To Create Self Signed SSL Certificate For Apache? | The SSL Store™



The following is a very simplified view of how SSL is implemented and what part the certificate plays in the entire process.



  • How to Create Self-Signed Certificate for Apache?

    TheSSLstore.com, 146 Second Street North, Suite 204, St. Petersburg, FL 33701, USA
    https://www.thesslstore.com/ | thesslstore@gmail.com | 727-388-4240

    Getting Started

    TheSSLStore: SSL Credentials VeriSign GeoTrust Thawte & RapidSSL Certificates for Athabascan, IIS, Windows, IIS6, Windows 2003 for invulnerable web computer at low prices.

    INSIDE THIS ISSUE
    1 Getting Started
    2 Summary
    3 Description
    4 Author's Bio
    5 Contact Us

    Summary:-

    The following is a very simplified view of how SSL is implemented and what part the certificate plays in the entire process.
  • Description:-

    Normal Web traffic is sent unencrypted over the Internet. This means that anyone with access to the right tools can snoop all of this traffic. Of course, this can lead to problems, in particular where security and privacy are necessary, as for example in bank data and credit card transactions. Secure Socket Layer is used to encrypt the data stream between a Web server and a Web client.

    SSL makes use of what is known as asymmetric cryptography, also known as public key cryptography (PKI). With public key cryptography two keys are created, one public and one private. Anything encrypted with either key can be decrypted only by its corresponding key. Therefore, if a message or data stream is encrypted using the private key of the server, it can be decrypted only by using the corresponding public key, which ensures that the data could only have come from the server.

    If SSL uses public key cryptography to encrypt the data stream travelling over the Internet, why is a certificate necessary? The technical answer to this question is that the certificate is not really necessary: the data is secure and cannot be easily decrypted by a third party. The certificate does, however, play a decisive role in the process of communication. A certificate signed by a trusted certification authority (CA) ensures that its holder is who it claims to be. Without a trusted signed certificate the data can be encrypted, but the party you are communicating with may not be whom you believe. Without certificates, impersonation attacks would be much more common.
  • Step 1: Generate a Private Key

    The OpenSSL toolkit is used to generate an RSA private key and a CSR (Certificate Signing Request). You can also use it to generate a self-signed certificate that can be used for testing purposes or internal use.

    The first step is to create your private RSA key. This key is a 1024-bit RSA key which is encrypted using Triple-DES and stored in PEM format, so it is readable as ASCII.

    Command:
        openssl genrsa -des3 -out server.key 1024

    Output:
        Generating RSA private key, 1024 bit long modulus
        .........................................................++++++
        ........++++++
        e is 65537 (0x10001)
        Enter PEM pass phrase:
        Verifying password - Enter PEM pass phrase:

    Step 2: Generate a CSR (Certificate Signing Request)

    Once the private key is generated, you can generate a certificate signing request. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a certification authority (such as Verisign or Thawte), which will verify the identity of the requestor and issue a signed certificate. The second option is to self-sign the Certificate Signing Request, as shown in the next section.

    During CSR generation you will be prompted to enter a few pieces of information. These are the properties of an X.509 certificate. One of the prompts will be for "Common Name (for example, your name)". It is important that this field is filled in with the fully qualified domain name of the SSL server. Enter the host name of the Web site you want to protect at this prompt.
    Generate the CSR with the following command:

    Command:
        openssl req -new -key server.key -out server.csr

    Output:
        Country Name (2 letter code) [GB]:CH
        State or Province Name (full name) [Berkshire]:Bern
        Locality Name (eg, city) [Newbury]:Oberdiessbach
        Organization Name (eg, company) [My Company Ltd]:Akadia AG
        Organizational Unit Name (eg, section) []:Information Technology
        Common Name (eg, your name or your servers hostname) []:public.akadia.com
        Email Address []:martin dot zahn at akadia dot ch
        Please enter the following extra attributes
        to be sent with your certificate request
        A challenge password []:
        An optional company name []:
  • Step 3: Remove Passphrase from Key

    One unfortunate side effect of the passphrase-protected private key is that Apache asks for the passphrase every time the Web server is started. Clearly this is not always convenient, as someone will not always be around to type in the passphrase, such as after a restart or crash. mod_ssl provides the ability to use an external program instead of the built-in passphrase dialog; however, this is not necessarily the safest option either. It is possible to remove the Triple-DES encryption from the key, so that a passphrase no longer needs to be typed.

    If the private key is no longer encrypted, it is very important that this file is readable only by the root user! If your system is ever compromised and a third party obtains your private key without encryption, the corresponding certificate will need to be revoked. With that said, use the following commands to remove the passphrase from the key:

    Command:
        cp server.key server.key.org
        openssl rsa -in server.key.org -out server.key

    The newly created server.key file has no more passphrase in it.

    Output:
        -rw-r--r-- 1 root root 745 Jun 29 12:19 server.csr
        -rw-r--r-- 1 root root 891 Jun 29 13:22 server.key
        -rw-r--r-- 1 root root 963 Jun 29 13:22 server.key.org

    Step 4: Generating a Self-Signed Certificate

    In this step you create a self-signed certificate, either because you don't plan on having your certificate signed by a certification authority, or because you want to test the new SSL application while the CA is signing the certificate.
    This temporary certificate will generate an error in the client browser to the effect that the signing CA is unknown and not trusted.

    To generate a temporary certificate which is good for 365 days, issue the following command:

    Command:
        openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

    Output:
        Signature ok
        subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information Technology/ dot zahn at akadia dot ch
        Getting Private key

    Step 5: Installing the Private Key and Certificate

    When Apache is installed with mod_ssl, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled.
  • Config code:
        cp server.crt /usr/local/apache/conf/ssl.crt
        cp server.key /usr/local/apache/conf/ssl.key

    Step 6: Configuring SSL Enabled Virtual Hosts

    http-ssl.conf:
        SSLEngine on
        SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
        SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    Step 7: Restart Apache and Test

    Author's is one of the largest SSL Certificates providers globally. Join the Reseller SSL Certificate program and SSL Certificate Affiliate to join with us. Among the Internet security solutions TheSSLstore.com offers are SSL certificates from VeriSign, Thawte, GeoTrust, and RapidSSL. We buy SSL certificates in large quantities and pass the savings to you. To learn more about SSL Certificates visit

    146 Second Street North, Suite 204, St. Petersburg, FL 33701, USA
    Phone: 727-388-4240
    Fax: 727-388-4240
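
The following check script is an added example, not part of the original document or of TheSSLStore's material. It verifies what Steps 1 to 4 depend on before the files are installed: the private key file is not readable by group or others, server.crt carries the public half of server.key, and issuer equals subject as in a self-signed certificate. The function names, the test subject name and the 2048-bit sample key are assumptions of this example.

```sh
#!/bin/sh
# Added example: post-generation checks for the files produced in Steps 1-4.
# Function names and the sample subject are hypothetical, not from the page.

# Succeeds only if group and others have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if the certificate carries the public half of this private key.
key_matches_cert() {   # usage: key_matches_cert KEY CRT (unencrypted key)
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if issuer and subject are identical, as in a self-signed certificate.
issuer_is_subject() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Constructed input: non-interactive run of Steps 1, 2 and 4 in directory $1.
# The subject is a made-up test name; no passphrase is set, so Step 3 is skipped.
make_sample() {
    ( cd "$1" &&
      openssl genrsa -out server.key 2048 2>/dev/null &&
      openssl req -new -key server.key -subj "/CN=test.example.invalid" \
          -out server.csr &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key \
          -out server.crt 2>/dev/null )
}

# Runs all checks and prints one line per failure; returns non-zero on any.
audit() {   # usage: audit KEY CRT
    rc=0
    key_is_private "$1"        || { echo "FAIL: $1 readable by group/other"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: key and certificate differ"; rc=1; }
    issuer_is_subject "$2"     || { echo "FAIL: issuer != subject"; rc=1; }
    return $rc
}
```

Run `audit server.key server.crt` in the directory used for Steps 1 to 4; with the `-rw-r--r--` mode shown in the Step 3 listing the first check fails until the key is restricted with `chmod 600 server.key`.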