Apache Web Server - How To Create Self-Signed SSL Certificates
Submitted by devans on Thu, 2010-02-04 18:18
I was recently asked if I had any documentation on how to create a self-signed SSL certificate for the Apache Web Server. As luck would have it, I indeed had exactly such an item!
With this in mind I have decided to add this information here also for all to share.
While this is targeted at creating a self-signed certificate, the certificate request generated along the way can also be submitted to a certificate authority.
In the following example I am assuming that you have chosen to install a pre-compiled Win32 Binary that already includes OpenSSL.
While Windows is the install of choice here, the syntax remains pretty much the same; only the file and directory structure differ. As such, if you are using Linux, Mac OS or something else, just adjust the directory locations for your particular install.
The directory structure for this example is set up as follows:
c:\www\apache22\conf
c:\www\apache22\conf\ssl.key
c:\www\apache22\conf\ssl.crt
c:\www\openssl\bin
To begin, open a command prompt and navigate to:
c:\www\openssl\bin
Next, type the following to generate your key.
c:\www\openssl\bin>openssl genrsa -out c:\www\apache22\conf\ssl.key\local_server.key 1024
With the key created, we are ready to create the CSR (Certificate Signing Request) that will be used to generate the Self-Signed Certificate.
Once again at the command prompt, type the following:
c:\www\openssl\bin>openssl req -new -key c:\www\apache22\conf\ssl.key\local_server.key -out c:\www\apache22\conf\ssl.key\local_server.csr
You will then be prompted with a series of requests that will be incorporated into your certificate request.
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: Florida
Locality Name (eg, city) []: Viera
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Poscribes
Organizational Unit Name (eg, section) []: Poscribes Web
Then, most importantly, enter the Common Name, which is the domain name that will be used with your SSL-secured website.
Common Name (eg, YOUR name) []: www.poscribes.com
Email Address []: webmaster@poscribes.com
For the next item, leave it blank and just hit enter.
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
Optionally, you could specify a department name or some other identifier here.
An optional company name []:
Now that we have generated the certificate signing request, we can go ahead and generate a Self-Signed Certificate.
(NOTE: The following should all be entered in one continuous string with no line breaks)
C:\www\openssl\bin>openssl x509 -req -days 365 -in c:\www\apache22\conf\ssl.key\local_server.csr -signkey c:\www\apache22\conf\ssl.key\local_server.key -out c:\www\apache22\conf\ssl.crt\local_server.crt
That's it!
The self-signed certificate has now been generated.
Remember to change the SSLCertificateFile and SSLCertificateKeyFile entries in your SSL.CONF file to point to the certificate and key files created above.
Restart the Apache Web Service and voila you have an SSL secured web site with a self-signed certificate!
Enjoy!
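
The three commands above as one non-interactive script, followed by checks that the key and certificate belong together, that the subject carries the intended Common Name and that the validity period is as expected. This is an added example, not part of the original post; it assumes a POSIX shell with openssl on the PATH, writes to a directory passed in rather than c:\www\apache22\conf, uses -subj in place of the prompts, and generates a 2048-bit key rather than the 1024 bits shown above (the function names are illustrative).

```shell
#!/bin/sh
# Added example. Assumptions not taken from the post: a POSIX shell with
# openssl on PATH, a caller-chosen directory in place of c:\www\apache22\conf,
# a 2048-bit key, and -subj in place of the interactive prompts.

make_self_signed() {   # usage: make_self_signed <conf-dir> <common-name>
    key=$1/ssl.key/local_server.key
    csr=$1/ssl.key/local_server.csr
    crt=$1/ssl.crt/local_server.crt
    mkdir -p "$1/ssl.key" "$1/ssl.crt" || return 1
    # Step 1: private key, created readable by its owner only
    ( umask 077 && openssl genrsa -out "$key" 2048 ) || return 1
    # Step 2: certificate signing request with the post's sample answers
    openssl req -new -key "$key" -out "$csr" \
        -subj "/C=US/ST=Florida/L=Viera/O=Poscribes/OU=Poscribes Web/CN=$2" || return 1
    # Step 3: sign the request with the same key, valid for 365 days
    openssl x509 -req -days 365 -in "$csr" -signkey "$key" -out "$crt"
}

# Succeeds only when the certificate carries the public half of the key file,
# i.e. the SSLCertificateFile / SSLCertificateKeyFile pair belongs together.
key_matches_cert() {   # usage: key_matches_cert <key> <crt>
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints the subject so the Common Name can be compared with the site's host name.
cert_subject() { openssl x509 -in "$1" -noout -subject; }

# Succeeds when the certificate is still valid <seconds> from now.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

# Demo in a scratch directory (constructed path), removed afterwards.
demo() {
    d=$(mktemp -d) || return 1
    make_self_signed "$d" www.poscribes.com 2>/dev/null &&
        key_matches_cert "$d/ssl.key/local_server.key" "$d/ssl.crt/local_server.crt" &&
        valid_for "$d/ssl.crt/local_server.crt" 86400 &&
        cert_subject "$d/ssl.crt/local_server.crt"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

Running key_matches_cert against the two files named in SSL.CONF before restarting Apache catches a certificate paired with the wrong key.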
