Friday, November 9, 2012

Apache https SSL certificates

Generate certificates:

$ openssl genrsa -des3 -rand rand-seed1.gz:rand-seed2.gz -out server.key 2048
$ openssl rsa -in server.key -out server.pem
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 180 -in server.csr -signkey server.key -out server.crt

$ # remove password from key file:
$ openssl rsa -in server.key -out server.key.nopass

Apache conf:

SSLEngine on
SSLCertificateFile "/path-to-apache-ssl-folder/server.crt"
#SSLCertificateKeyFile "/path-to-apache-ssl-folder/server.pem"

SSLCertificateKeyFile "/path-to-apache-ssl-folder/server.key"
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

No comments: