Generate and Create SSL Certificate in Linux Ubuntu
Yesterday my SSL web certificate was expired and I have to generate it again. Last year I am only generate it for 1 year. More information you can visit this link.
For information :
My SSL Apache file are in this directory :
/etc/apache2/ssl-sites-available/example.com.ssl
/etc/apache2/ssl-sites-enabled/example.com.ssl
example.com.ssl configuration :
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
Now, let's generate :
jafar@dns1:~/sm2/ssl$ sudo openssl genrsa -des3 -out server.key 4096
jafar@dns1:~/sm2/ssl$ sudo openssl req -new -key server.key -out server.csr
jafar@dns1:~/sm2/ssl$ sudo openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt
Explanation :
1825 = it mean I will generate and use this certificate for 5 years (365 days * 5)
jafar@dns1:~/sm2/ssl$ sudo openssl rsa -in server.key -out server.key.insecure
jafar@dns1:~/sm2/ssl$ sudo mv server.key server.key.secure
jafar@dns1:~/sm2/ssl$ sudo mv server.key.insecure server.key
Explanation :
Make a version of the server.key which doesn't need a password
jafar@dns1:~/sm2/ssl$ sudo cp server.key /etc/apache2/ssl
jafar@dns1:~/sm2/ssl$ sudo cp server.crt /etc/apache2/ssl
jafar@dns1:~/sm2/ssl$ sudo /etc/init.d/apache2 stop
jafar@dns1:~/sm2/ssl$ sudo /etc/init.d/apache2 start
SSL Client Certificate
- roemasa's blog
- Add new comment
- 3261 reads
