1. Create a new certificate file.
2. Configure SSL.
3. Open https://127.0.0.1 in Chrome, Firefox, or another browser.
root@www:~# cd /etc/ssl/private
root@www:/etc/ssl/private# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
..+++
e is 65537 (0x10001)
Enter pass phrase for server.key: # set passphrase
Verifying - Enter pass phrase for server.key: # confirm
# remove passphrase from private key
root@www:/etc/ssl/private# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: # passphrase
writing RSA key
root@www:/etc/ssl/private# openssl req -new -days 3650 -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP # country
State or Province Name (full name) [Some-State]:Hiroshima # state
Locality Name (eg, city) []:Hiroshima # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:GTS # company
Organizational Unit Name (eg, section) []:Server World # department
Common Name (e.g. server FQDN or YOUR name) []:www.server.world # server's FQDN
Email Address []:xxx@server.world # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@www:/etc/ssl/private# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.server.world/emailAddress=xxx@server.world
Getting Private key
root@www:/etc/ssl/private# chmod 400 server.*
root@www:~# vi /etc/apache2/sites-available/default-ssl
# line 3: change to webmaster's email
ServerAdmin webmaster@server.world
# line 11,12: change
Options FollowSymLinks ExecCGI
AllowOverride All
# line 51,52: change
SSLCertificateFile /etc/ssl/private/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
root@www:~# a2ensite default-ssl
Enabling site default-ssl.
Run '/etc/init.d/apache2 reload' to activate new configuration!
root@www:~# a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
root@www:~# service apache2 restart
* Restarting web server apache2
done.
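
Because the passphrase was removed from server.key, file permissions are the only thing protecting it, and Apache will not start cleanly if server.crt and server.key do not belong together. The script below is an added example, not part of the original procedure, that checks both points plus the remaining validity; its function names are this example's own and the two file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: checks for the key/certificate pair created above.
# Function names are this example's own; file paths are arguments.

# Public key (PEM) embedded in a certificate.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key. The empty -passin makes
# openssl fail instead of prompting if the key is still encrypted.
pubkey_of_key() {
    openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null </dev/null
}

# 0 if the certificate was issued for this private key, 1 if not,
# 2 if either file could not be parsed (or the key is encrypted).
cert_matches_key() {
    c=$(pubkey_of_cert "$1") || return 2
    k=$(pubkey_of_key "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 only if group and other have no permission bits on the file
# (what "chmod 400" gives); matters because the key has no passphrase.
key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

check_pair() {   # $1 = certificate, $2 = private key
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2"; rc=1; }
    key_perms_ok "$2" || { echo "FAIL: $2 is accessible to group/other"; rc=1; }
    cert_valid_for "$1" 30 || { echo "FAIL: $1 expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 pass all checks"
    return "$rc"
}

# Run only when called with both paths, e.g. server.crt server.key
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Run it as root with /etc/ssl/private/server.crt and /etc/ssl/private/server.key as the two arguments. Since the certificate is self-signed, the browser in step 3 will still show a trust warning even when every check passes.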