Open your Apache configuration file in a text editor.Otherwise, you will need to make a copy of the existing non-secure virtual host, paste it below, and change the port from port 80 to 443. If you only have one Apache virtual host to secure and you have an ssl.conf file being loaded, you can just edit that file. Now, you just need to configure your Apache virtual host to use the SSL certificate. When the command is finished running, it will create two files: a mysitename.key file and a mysitename.crt self signed certificate file valid for 365 days. The common name should be the fully qualified domain name for the site you are securing (You can leave the email address, challenge password, and optional company name blank. You will be prompted to enter your organizational information and a common name. Openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt Once you have OpenSSL installed, just run this one command to create an Apache self signed certificate: If it is not, you will need to download a package or compile it from its source. If you are on another type of server, try running “openssl” on the command line to see if OpenSSL is already installed. If you are installing the self signed certificates on Windows, grab the Windows version of OpenSSL (If you get an error when you run the installer, you may need to download the Visual C++ 2008 Redistributables listed on that page first). Now, let’s create one: First, we need to make sure OpenSSL is installed. Great! So now you know when to use an Apache self signed certificate and when not to. Generate Your Apache Self Signed Certificate Just lay down a few dollars on a trusted cheap SSL certificate or a free SSL certificate. You should never use a self signed certificate on an e-commerce site or any site that transfers valuable personal information like credit cards, social security numbers, etc. Just keep in mind that visitors will see a warning in their browsers (like the one below) when connecting to an Apache site that uses a self signed certificate until it is permanently stored in their certificate store. If you have a small personal site that transfers non-critical information, there is very little incentive for someone to attack the connection.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |