Friday, 5 July 2013

SSL Configuration for Apache

First make sure that apache installations and SSL changes have done, now use these below steps to configure SSL certificates.

Step 1 : Move to "extra" directory of apache.

Ex: cd /APACHE_HOME/conf/extra

Step 2: Generate Private Key on the Server Running Apache + mod_ssl

Ex: openssl genrsa -des3 -out .key 4096
So your result will be : .key

Step 3: Generate a Certificate Signing Request (CSR)

Ex: openssl req -new -key .key –out .csr
So your result will be : .csr

Step 4: Generate a Self-Signed SSL Certificate

Ex: openssl x509 -req -days 365 -in .csr –signkey .key -out .crt
So your result will be : .crt

Step 5: Generate a CA file

Ex: openssl req -new -x509 -days 365 -key in .key -out in .ca
So your result will be : .ca

Step 6: Generate a DER file

Ex: openssl x509 -in .crt -out .der.crt -outform DER
So your result will be : .der.crt

Step 7: Removal of Passphrase (Optional if you want to remove passphrase)

Ex: openssl rsa -in .key -out new.key
So your result will be : new.key
Now copy that “new.key” to “.key” 
Ex : cp new.key .key .

Step 8: Finally copy .key and .crt to /APACHE_HOME/conf/, so use

Ex : cp .key /APACHE_HOME/conf/
cp .crt /APACHE_HOME/conf/

Note : You can change the key capacity to higher or lower (i have given 4096==4 MB) and also key validity to more days (i have given 365==1 Year).

Now you are done with your SSL certificates.