68
edits
Changes
From Amahi Wiki
→Generate your own certificates
== Generate your own certificates ==
'''NOTE:''' Leaving defaults will not make your server less secure. Make sure that you change "asecretpassword" in the commands below to something else. Otherwise any commands which don't have "asecretpassword" in it can be copied and pasted. This has to do with the challenge password for the private key. If you don't understand what I mean then you should read about [http://en.wikipedia.org/wiki/Public-key_cryptography public-key cryptography] which is essentially what SSL uses.
Create a sub-folder of '''/etc/httpd/''' called '''ssl.crt'''<pre><nowiki>mkdir /etc/httpd/ssl.crt</nowiki></pre>Generate a new Secure key file, called server.key.org, and output the file to /etc/httpd/ssl.crt (our newly created folder) '''**REMEMBER TO CHANGE "asecretpassword" TO A PASSWORD OF YOUR CHOICE**'''. <pre><nowiki>openssl genrsa -des3 -passout pass:asecretpassword -out /etc/httpd/ssl.crt/server.key.org 1024Create server.crt and server.csr from our newly self-generated key (server.key.org):<pre><nowiki>openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.csr -days 3650openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -in /etc/httpd/ssl.crt/server.csr -out /etc/httpd/ssl.crt/server.crt -days 3650</nowiki></pre>Create a thrid file, server.key, from from our self-generated key (server.key.org):<pre><nowiki>openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.key</nowiki></pre>Create another sub-folder of '''/etc/httpd/''' called '''ssl.key''', and move our newly created server.key to this folder.<pre><nowiki>mkdir /etc/httpd/ssl.key
mv /etc/httpd/ssl.crt/server.key /etc/httpd/ssl.key/server.key
chmod 400 /etc/httpd/ssl.key/server.key</nowiki></pre>
