Instalarea unui certificat SSL generat cu OpenSSL in Apache

Aici procedura este destul de simpla si incepe cu generarea certificatului SSL in conditiile in care presupunem ca Apache are incarcat deja mod_ssl si are creat cel putin un VirtualHost in /etc/apache2/sites-available.

Generarea certificatului se face cu comanda:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Apoi urmeaza sa completam cateva campuri, unde cel mai important este „Common Name” unde trebuie trecut numele de domeniu pentru care a fost generat certificatul.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:webmaster@domain.tld

Apoi se modifica VirtualHost-ul astfel:

<VirtualHost *:443>
ServerName example.com:443

iar lasfarsitul VirtulHost-ului se adauga liniile prin care apelam certificatul si cheia.

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Ultima faza este sa dam reload la apache: service apache2 reload si sa accesam linkul in browser folosind https://example.com

Leave a Reply

srv StandDuPp
Articole recente