Changes

From Amahi Wiki
589 bytes added ,  14:33, 17 July 2019
[[User:Sag47|Sag47]] 00:38, 15 June 2011 (PDT). Updates and clarifications [[User:Spaceman|spaceman]] 15:23, 27 March 2017 (BST).
[[User:Tamorgen|Tamorgen]] 09:15, 31 Oct 2018 (EST). Made changes for Subject Alternative Name.
'''NOTE:''' This may interfere with [[Hosting_a_website|Hosting a Website]] tutorial.
= Prerequisites =
I assume you already have Fedora 25 installed with Amahi up and running.
= Instructions =
== Generate your own certificates ==
'''NOTE:''' Leaving defaults will not make your server less secure. Make sure that you change "asecretpassword" in the commands below to something else. Otherwise any command which doesn't have "asecretpassword" in it can be copied and pasted as-is. This has to do with the challenge password for the private key. If you don't understand what I mean then you should read about [http://en.wikipedia.org/wiki/Public-key_cryptography public-key cryptography], which is essentially what SSL uses.

As of Chrome version 58, the Chrome browser requires SSL certificates to use SAN (Subject Alternative Name) and has removed Common Name (CN) matching. Using only a CN will produce an error within the Security Overview section of the certificate, telling the user that the SAN is missing. A new method of creating the certificate is required.

1. Change directory to /etc/httpd/, and switch users
<pre><nowiki>
cd /etc/httpd/
sudo -s
</nowiki></pre>
2. Create a new file createRootCA.sh using vi, nano, or your favorite text editor.
<pre><nowiki>
#!/usr/bin/env bash
mkdir ~/ssl/
openssl genrsa -des3 -out ~/ssl/rootCA.key 2048
openssl req -x509 -new -nodes -key ~/ssl/rootCA.key -sha256 -days 1024 -out ~/ssl/rootCA.pem
</nowiki></pre>
3. Now create another file createselfsignedcertificate.sh:
<pre><nowiki>
#!/usr/bin/env bash
mkdir /etc/httpd/ssl.crt
mkdir /etc/httpd/ssl.key
openssl req -new -sha256 -nodes -out /etc/httpd/ssl.crt/server.csr -newkey rsa:2048 -keyout /etc/httpd/ssl.crt/server.key -config /etc/httpd/server.csr.cnf
openssl x509 -req -in /etc/httpd/ssl.crt/server.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out /etc/httpd/ssl.crt/server.crt -days 3650 -sha256 -extfile /etc/httpd/v3.ext
</nowiki></pre>
4. Create the configuration file server.csr.cnf.
<pre><nowiki>
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=US
ST=Maryland
L=Annapolis
O=Home Administrator
OU=HDA Domain
emailAddress=your-address@your-domain.com
CN = localhost
</nowiki></pre>
5. Now, create a file called v3.ext for the x509 v3 certificate extensions. Each DNS.n key in alt_names must be unique; list every name you will use to reach the server.
<pre><nowiki>
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
DNS.2 = ''hostname.yourdomain''
DNS.3 = hda
DNS.4 = hda.''yourdomain''
DNS.5 = cockpit.''yourdomain''
</nowiki></pre>
6. Now it's time to create your certificates. Run createRootCA.sh and follow the prompts.
<pre><nowiki>
bash ./createRootCA.sh
</nowiki></pre>
Then run createselfsignedcertificate.sh
<pre><nowiki>
bash ./createselfsignedcertificate.sh
</nowiki></pre>
1. Create a sub-folder of '''/etc/httpd/''' called '''ssl.crt'''
<pre><nowiki>
mkdir /etc/httpd/ssl.crt
</nowiki></pre>
2. Generate a new secure key file, called server.key.org, and output the file to /etc/httpd/ssl.crt (our newly created folder). '''**REMEMBER TO CHANGE "asecretpassword" TO A PASSWORD OF YOUR CHOICE**'''
<pre><nowiki>
openssl genrsa -des3 -passout pass:asecretpassword -out /etc/httpd/ssl.crt/server.key.org 1024
</nowiki></pre>
The output should look something like:
{{META_BOX_Green||Generating RSA private key, 1024 bit long modulus<br>.........++++++<br>....++++++<br>e is 65537 (0x10001)}}
3. Create server.csr and server.crt from our newly self-generated key (server.key.org):
<pre><nowiki>
openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.csr -days 3650
openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -in /etc/httpd/ssl.crt/server.csr -out /etc/httpd/ssl.crt/server.crt -days 3650
</nowiki></pre>
The output of these commands will look something like:
{{META_BOX_Green||You are about to be asked to enter information that will be incorporated<br>into your certificate request.<br>What you are about to enter is what is called a Distinguished Name or a DN.<br>There are quite a few fields but you can leave some blank<br>For some fields there will be a default value,<br>If you enter '.', the field will be left blank.<br><nowiki>-----</nowiki><br>Country Name (2 letter code) [XX]:<br>State or Province Name (full name) [ ]:<br>Locality Name (eg, city) [Default City]:<br>Organization Name (eg, company) [Default Company Ltd]:<br>Organizational Unit Name (eg, section) [ ]:<br>Common Name (eg, your name or your server's hostname) [ ]:<br>Email Address [ ]:<br><br>Please enter the following 'extra' attributes<br>to be sent with your certificate request<br>A challenge password [ ]:<br>An optional company name [ ]:}}
You should make entries at each stage in the second section (after Country Name...).
4. Create the passphrase-free server.key from our self-generated key (server.key.org):
<pre><nowiki>
openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.key
</nowiki></pre>
7. Create another sub-folder of '''/etc/httpd/''' called '''ssl.key''' (if createselfsignedcertificate.sh has not already done so), copy our newly created server.key to this directory, and restrict its permissions so only root can read it.
<pre><nowiki>
mkdir /etc/httpd/ssl.key
cp /etc/httpd/ssl.crt/server.key /etc/httpd/ssl.key/server.key
chmod 400 /etc/httpd/ssl.key/server.key
</nowiki></pre>
 
8. Copy your rootCA.pem certificate to a network share, so you may import it to your favorite browser, to eliminate the untrusted certificate warning.
<pre><nowiki>
cd ~/ssl/
cp rootCA.pem /var/hda/files/docs/.
</nowiki></pre>
 
9. Import rootCA into your browser. For Chrome, Settings --> Advanced --> Manage Certificates --> Authorities --> Import. Select your root certificate from a locally accessible resource, either directly from, or after copying it from your share.
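The root-CA-plus-SAN-leaf procedure above (and the older passphrase-based steps it replaces), carried out non-interactively as an added example; this is not the wiki's own script. It assumes the openssl CLI is installed, writes into a scratch directory instead of /etc/httpd, and takes an assumed DOMAIN argument in place of ''yourdomain''. It also adds the two checks the steps leave out: that the issued server.crt really carries the SAN names Chrome 58+ looks for, and that it verifies against rootCA.pem.

```shell
set -e

# make_san_chain DIR DOMAIN: writes rootCA.key/.pem and server.key/.csr/.crt
# under DIR. DOMAIN is an assumed stand-in for the page's ''yourdomain''.
make_san_chain() {
  local dir="$1" dom="$2"
  mkdir -p "$dir"
  # Root CA config: CA:TRUE plus a key identifier, so openssl verify accepts
  # it as a trust anchor and the leaf's authorityKeyIdentifier can point at it.
  printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
    'x509_extensions = v3_ca' '[dn]' 'CN = Home Root CA' '[v3_ca]' \
    'basicConstraints = critical, CA:TRUE' 'keyUsage = keyCertSign, cRLSign' \
    'subjectKeyIdentifier = hash' > "$dir/ca.cnf"
  openssl req -x509 -new -nodes -newkey rsa:2048 -keyout "$dir/rootCA.key" \
    -sha256 -days 1024 -config "$dir/ca.cnf" -out "$dir/rootCA.pem" 2>/dev/null
  # CSR config and v3.ext mirror server.csr.cnf and v3.ext from the steps
  # above, with unique DNS.n keys in alt_names.
  printf '%s\n' '[req]' 'prompt = no' 'default_md = sha256' \
    'distinguished_name = dn' '[dn]' 'C = US' 'O = Home Administrator' \
    'CN = localhost' > "$dir/server.csr.cnf"
  printf '%s\n' 'authorityKeyIdentifier = keyid,issuer' \
    'basicConstraints = CA:FALSE' \
    'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
    'subjectAltName = @alt_names' '[alt_names]' 'DNS.1 = localhost' \
    'DNS.2 = hda' "DNS.3 = hda.$dom" "DNS.4 = cockpit.$dom" > "$dir/v3.ext"
  openssl req -new -sha256 -nodes -newkey rsa:2048 -keyout "$dir/server.key" \
    -config "$dir/server.csr.cnf" -out "$dir/server.csr" 2>/dev/null
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/rootCA.pem" \
    -CAkey "$dir/rootCA.key" -CAcreateserial -days 3650 -sha256 \
    -extfile "$dir/v3.ext" -out "$dir/server.crt" 2>/dev/null
  chmod 400 "$dir/server.key"   # same permission step 7 applies
}

# has_san DIR NAME: succeeds only if server.crt lists NAME as a DNS SAN,
# which is what Chrome 58+ matches against instead of the CN.
has_san() {
  openssl x509 -in "$1/server.crt" -noout -text \
    | grep -A1 'Subject Alternative Name' | grep -o 'DNS:[^, ]*' \
    | grep -qxF "DNS:$2"
}

# chains_to_root DIR: succeeds only if server.crt validates against
# rootCA.pem, i.e. importing rootCA.pem (step 9) will silence the warning.
chains_to_root() {
  openssl verify -CAfile "$1/rootCA.pem" "$1/server.crt" >/dev/null 2>&1
}
```

Run `make_san_chain /tmp/hda-ssl example.home` and then `has_san /tmp/hda-ssl hda.example.home && chains_to_root /tmp/hda-ssl` to confirm the pair is usable before copying it under /etc/httpd.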
== Modify apache initialization ==
Restart your web server to apply the changes you've made. If you did everything right you shouldn't receive any warnings when restarting the server.
<pre><nowiki>
systemctl restart httpd
</nowiki></pre>
 
== Bonus ==
Fedora 27/Amahi 11 provides [http://www.amahi.org/apps/cockpit Cockpit], a powerful browser-based server administration portal. To eliminate the SSL warning on this page, you need to create a .cert file using the files previously created in this walkthrough. The .cert file consists of the contents of server.crt followed by server.key. To create the file, run the following commands; they write it directly into the directory Cockpit reads its certificates from.
 
<pre><nowiki>
cat /etc/httpd/ssl.crt/server.crt > /etc/cockpit/ws-certs.d/01-self-signed.cert
cat /etc/httpd/ssl.crt/server.key >> /etc/cockpit/ws-certs.d/01-self-signed.cert
</nowiki></pre>
= Finished =
Now that you're done go ahead and visit '''<nowiki>http://hda</nowiki>''' and watch it turn into '''<nowiki>https://hda</nowiki>'''! Understand that the certificates you generated have not been verified by a certificate authority so you'll need to confirm a security exception.
= Troubleshooting =