Tuesday 4 September 2012

Configure httpd to use an SSL certificate signed by a certifying authority

You will need to use the CA created using configure-certificate-authority-ca

Install apache and mod_ssl packages
#yum install httpd mod_ssl -y

Create a key (2048-bit RSA; 1024-bit keys are too weak for current use)
#openssl genrsa -out server.example.com.key 2048

Create a certificate signing request
#openssl req -new -key server.example.com.key -out server.example.com.csr

Sign the certificate with the CA
#cp server.example.com.csr /etc/pki/CA/newreq.pem
#/etc/pki/tls/misc/CA.pl -sign

Copy the signed cert somewhere into the /var/www tree, or make sure that it has the correct SELinux security context. CA.pl -sign writes the signed certificate to newcert.pem; newreq.pem is only the request.
#mkdir /var/www/certs
#mv /etc/pki/CA/newcert.pem /var/www/certs/server.example.com.crt
#mv server.example.com.key /var/www/certs/server.example.com.key

Edit /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /var/www/certs/server.example.com.crt
SSLCertificateKeyFile /var/www/certs/server.example.com.key

Restart apache
#service httpd restart

Test connection!
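
A check to run before restarting Apache, as an added example that is not part of the original post: it confirms that the file given to SSLCertificateFile is a certificate and not the CSR, that it matches the key, and that it verifies against the CA. The function names check_tls_pair and make_demo_files are hypothetical, the demo files are constructed throwaway data, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: check_tls_pair CERT KEY CA_CERT
# Returns 0 if all checks pass, 1 = not a certificate, 2 = key mismatch,
# 3 = not signed by the given CA.
check_tls_pair() {
    cert=$1; key=$2; ca=$3

    # 1. The file must parse as an X.509 certificate. A CSR deployed by
    #    mistake ("BEGIN CERTIFICATE REQUEST") fails here.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "FAIL: $cert is not an X.509 certificate (is it the CSR?)"
        return 1
    fi

    # 2. The public key in the certificate must be the one derived from the
    #    private key; a mismatch means the wrong file was copied.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"
        return 2
    fi

    # 3. The certificate must verify against the CA that clients will trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"
        return 3
    fi
    echo "OK: $cert, $key and $ca are consistent"
}

# Constructed sample data: a throwaway CA, server key, CSR and signed
# certificate written to directory $1, so the check can be tried offline.
make_demo_files() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/server.key" -subj "/CN=server.example.com" \
        -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}
```

For the files in this post, pass the two paths from ssl.conf and the CA certificate created in the earlier CA post.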

2 comments:

  1. You have an error in this line: you copy the CSR
    #mv /etc/pki/CA/newreq.pem /var/www/certs/server.example.com.crt
    you must copy the cert
    #mv /etc/pki/CA/newcert.pem /var/www/certs/server.example.com.crt

    and thanks for your effort
