PREREQUISITE: You should know how to set up an httpd server.
1. To create a certificate, the following packages must first be installed:
httpd-2.0.52-9.ent.i386.rpm
openssl-0.9.7a-43.1.i386.rpm
mod_ssl-2.0.52-9.ent.i386.rpm
2. Now create the server.key, server.csr and server.crt files in the /usr/share/ssl/certs directory.
Run the following commands:
# openssl req -nodes -new -keyout server.key -out server.csr
The command will give output like this:
----------------------------------------------------------------------------------------------------
Generating a 1024 bit RSA private key
...++++++
..++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:in
State or Province Name (full name) [Berkshire]:in
Locality Name (eg, city) [Newbury]:in
Organization Name (eg, company) [My Company Ltd]:in
Organizational Unit Name (eg, section) []:in
Common Name (eg, your name or your server's hostname) []:stationx.example.com
Email Address []:root@stationx.example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:redhat
An optional company name []:coss
---------------------------------------------------------------------------------------------------
# openssl req -new -key server.key -x509 -out server.crt -days 999
The output of the command will be something like this:
----------------------------------------------------------------------------------------------------
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:in
State or Province Name (full name) [Berkshire]:in
Locality Name (eg, city) [Newbury]:in
Organization Name (eg, company) [My Company Ltd]:in
Organizational Unit Name (eg, section) []:in
Common Name (eg, your name or your server's hostname) []:stationx.example.com
Email Address []:root@stationx.example.com
----------------------------------------------------------------------------------------------------
3. Now, in the /usr/share/ssl/certs directory, run:
# ls -l
You will find these three files:
a) server.key
b) server.csr
c) server.crt
Now copy the files to their respective locations:
# cp server.key /etc/httpd/conf/ssl.key/
# cp server.csr /etc/httpd/conf/ssl.csr/
# cp server.crt /etc/httpd/conf/ssl.crt/
After doing this, make the necessary changes in the /etc/httpd/conf/httpd.conf file.
Let us say the machine's IP address is 192.168.0.x.
---------------------------------------------------------------------------------------------------
NameVirtualHost 192.168.0.x:80
<VirtualHost 192.168.0.x:80>
ServerAdmin root@wwwx.example.com
DocumentRoot /data/www
ServerName wwwx.example.com
ErrorLog logs/wwwx.example.com-error_log
CustomLog logs/wwwx.example.com-access_log common
</VirtualHost>
NameVirtualHost 192.168.0.x:443
<VirtualHost 192.168.0.x:443>
ServerAdmin root@stationx.example.com
DocumentRoot /var/www/html
ServerName stationx.example.com
# This is the first change.
SSLEngine on
# This is the second change.
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
# This is the third change.
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
ErrorLog logs/stationx.example.com-error_log
CustomLog logs/stationx.example.com-access_log common
</VirtualHost>
---------------------------------------------------------------------------------------------------
# service httpd restart
Now, to test the work you have done, open a browser and go to
https://wwwx.example.com
It will ask you to accept the certificate, because the certificate is self-signed.
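The following check is an added example, not part of the original post: run it against the copied server.key and server.crt before restarting httpd. It verifies that the certificate belongs to the key, reports the RSA key size, and confirms the key file is not readable by group or other, which matters because -nodes leaves server.key unencrypted on disk. The function names and the MIN_BITS threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-restart checks for the server.key / server.crt pair.
# MIN_BITS is an assumed policy threshold, not a value from the page.
MIN_BITS=2048

# Print the RSA modulus size in bits (4 bits per hex digit of the modulus).
key_bits() {
    m=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    m=${m#Modulus=}
    echo $(( ${#m} * 4 ))
}

# Succeed only if the certificate carries the public key of this private key.
key_matches_cert() {
    k=$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if group and other have no permission bits on the key file.
key_perms_ok() {
    p=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$p" = "------" ]
}

# Run all checks; print one line per finding; return non-zero on any failure.
check_tls_pair() {
    key=$1 crt=$2 rc=0
    key_matches_cert "$key" "$crt" || { echo "FAIL: $crt does not match $key"; rc=1; }
    bits=$(key_bits "$key") || bits=0
    [ "$bits" -ge "$MIN_BITS" ] || { echo "FAIL: RSA key is $bits bits (< $MIN_BITS)"; rc=1; }
    key_perms_ok "$key" || { echo "FAIL: $key is accessible to group/other"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $key and $crt pass all checks"
    return "$rc"
}

# Usage: sh check_tls_pair.sh <path to server.key> <path to server.crt>
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

The 1024-bit key shown in the output above fails the size check with the assumed threshold; lower MIN_BITS only if local policy allows it.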
###################################################################################################
#Note: This thing worked out fine for me; if you have any doubts, feel free to mail me at
#vijayaraj62@gmail.com
###################################################################################################