Creating Self-Signed Certs on Apache 2.2
This page will walk through the process of creating a secure self-signed certificate for Apache2. To get started, you will need to make sure that OpenSSL is installed. If it is not installed, refer to http://www.openssl.org for how to install the software.
===== Getting Started =====
First, generate a key by entering the following command:
openssl genrsa -des3 -out newca.key 4096
After a while it will prompt you to enter the following information:
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
Create a certificate and sign it. This example certificate will last 365 days:
openssl req -new -key newca.key -out newca.csr
openssl x509 -req -days 365 -in newca.csr -signkey newca.key -out newca.crt
===== Getting around Apache prompt =====
If the private key is protected with a password, by default Apache will prompt for the password when it starts. This can be a problem, since you will need to enter the password each time Apache is restarted. We can fix this by having Apache call a program that gives the password to Apache. Create a script named password.sh in /etc/apache2/ssl, then add the following to the script:
^ /etc/apache2/ssl/password.sh ^
| #!/bin/bash |
| echo 'password'; |
Change the password to something better. For example: idon7kn0w or ugh1d0ntl1kepassw0rd5
In your Apache config files, find the SSLPassPhraseDialog directive and set it to exec:/etc/apache2/ssl/password.sh
^ /etc/apache2/modules.d/40_mod_ssl.conf ^
| SSLPassPhraseDialog exec:/etc/apache2/ssl/password.sh |
Now the script needs to be executable:
chmod a+x /etc/apache2/ssl/password.sh
If SSLPassPhraseDialog does not work, you will need to generate a key and cert that will not prompt for a password. To do that, enter the following commands and copy the key into your Apache SSL folder.
openssl rsa -in newca.key -out newca.key.insecure
mv newca.key newca.key.secure
mv newca.key.insecure newca.key
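The procedure above leaves two sensitive files on disk: password.sh, which holds the passphrase in plain text, and, after the fallback, an unencrypted newca.key. The audit script below is an added example, not part of the original page; its function names are hypothetical, it assumes GNU or BSD stat, and it reports either file when group or other users have any access to it.

```shell
#!/bin/bash
# Added example: audit the key and passphrase script this procedure creates.

# Succeeds if the PEM private key is passphrase-protected.
# Traditional RSA PEM marks this with a "Proc-Type: 4,ENCRYPTED" header,
# PKCS#8 PEM with a "BEGIN ENCRYPTED PRIVATE KEY" line.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Succeeds if group and other have no permission bits at all on the file.
file_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# $1 = private key, $2 = SSLPassPhraseDialog script (may not exist).
# Prints one line per finding and returns the number of FAIL findings.
audit_tls_files() {
    key=$1
    script=$2
    findings=0
    if ! file_is_private "$key"; then
        echo "FAIL: $key is accessible to group/other"
        findings=$((findings + 1))
    fi
    if key_is_encrypted "$key"; then
        # An encrypted key is only as protected as the script that prints its passphrase.
        if [ -f "$script" ] && ! file_is_private "$script"; then
            echo "FAIL: $script holds the passphrase and is accessible to group/other"
            findings=$((findings + 1))
        fi
    else
        echo "NOTE: $key is unencrypted; file permissions are its only protection"
    fi
    return "$findings"
}
```

After sourcing the file, run it as root with the key location you chose, for example `audit_tls_files /etc/apache2/ssl/newca.key /etc/apache2/ssl/password.sh` (the key path is an assumption). A script left at the mode produced by `chmod a+x` on a default-umask file is reported; `chmod 700` with root ownership clears the finding, assuming Apache is started as root.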
Source: http://www.tc.umn.edu/~brams006/selfsign.html