Secure Sockets Layer

From Organic Design wiki
Revision as of 10:51, 24 April 2013 by Nad (talk | contribs) (better process that works for Apache or NGiNX)
Procedure.svg Secure Sockets Layer
Organic Design procedure

Our convention is to keep all the certificates in /var/www/ssl, so first change the current directory to that and create the certificate with the following command format. Ensure the common name (cn) is entered as a wildcard such as *.foo.com so that the certificate applies to all the sub-domains such as www.foo.com or webmail.foo.com etc. This certificate format will work for both Apache and NGiNX.

First we need to create a private key. Note that this process will require a pass-phrase for the key - don't worry, we'll remove it later to make things easier, 

openssl genrsa -des3 -out ssl.key 1024


Now we need to create a CSR (Certificate Signing Request): 

openssl req -new -key ssl.key -out ssl.csr


Now we need to remove the pass-phrase otherwise it'll prevent the web-server from restarting without it being entered (you'll need to enter the pass-phrase to remove it though), 

cp ssl.key ssl-pass.key
openssl rsa -in ssl-pass.key -out ssl.key


Now we can generate the actual certificate: 

openssl x509 -req -days 3650 -in ssl.csr -signkey ssl.key -out ssl.crt
Retrieved from "https://organicdesign.nz/wiki/index.php?title=Secure_Sockets_Layer&oldid=113954"