Create SSL Certificate for Apache2 on Debian

First install OpenSSL

# apt-get install openssl

Generate private key

# cd /etc/ssl/certs/
# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
............++++++
.....++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:(any pass phrase)
Verifying - Enter pass phrase for server.key:(the above pass phrase)

Remove the pass phrase from the private key (otherwise Apache will ask for it every time you start it)

# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:(the above pass phrase)
writing RSA key

Create server certificate request

# openssl req -new -days 3650 -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:TOKYO
Locality Name (eg, city) []:TOKYO
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Home Website
Organizational Unit Name (eg, section) []:Home Server
Common Name (e.g. server FQDN or YOUR name) []:(your server hostname or website domain)
Email Address []:admin@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(nothing)
An optional company name []:(nothing)

Create the self-signed server certificate

# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=JP/ST=TOKYO/L=TOKYO/O=Home Website/OU=Home Server/CN=(your server hostname or website domain)/emailAddress=admin@example.com
Getting Private key

Change the file permissions to protect the key and certificate files

# chmod 400 server.*

Install Apache2 and enable its SSL module

# apt-get install apache2
# a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
service apache2 restart
# vi /etc/apache2/sites-available/default-ssl

Edit the file default-ssl so that it looks like this

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName (your server hostname or website domain):443

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

(...)

        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on

        # A self-signed (snakeoil) certificate can be created by installing
        # the ssl-cert package. See
        # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        # If both key and certificate are stored in the same file, only the
        # SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/certs/server.key

(...)

Enable the SSL site and then restart Apache2

# a2ensite default-ssl
# /etc/init.d/apache2 restart

Finally, enjoy your website with HTTPS.
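
The key and certificate created above can be checked before Apache is restarted: the key must load without a pass phrase, match the certificate, and be readable by its owner only. The script below is an added example, not part of the original post; the function name check_tls_pair and the 2048-bit minimum (MIN_BITS) are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the server.key / server.crt pair before
# Apache is restarted. check_tls_pair and MIN_BITS are assumed names.
MIN_BITS=2048

check_tls_pair() {
    dir=${1:-/etc/ssl/certs}          # directory used in the article
    key=$dir/server.key
    crt=$dir/server.crt
    rc=0

    # The key must load with an empty pass phrase, otherwise Apache prompts at start.
    if ! openssl rsa -in "$key" -passin pass: -noout 2>/dev/null; then
        echo "FAIL: $key is missing, encrypted, or not an RSA key"
        return 1
    fi

    # Key length, parsed from "Private-Key: (N bit ...)" in the text dump.
    bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
           sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p')
    if [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "FAIL: RSA key is ${bits:-?} bits, expected at least $MIN_BITS"; rc=1
    fi

    # Certificate and key belong together when their RSA moduli are identical.
    kmod=$(openssl rsa  -in "$key" -noout -modulus 2>/dev/null)
    cmod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null)
    if [ -z "$cmod" ] || [ "$kmod" != "$cmod" ]; then
        echo "FAIL: $crt does not match $key"; rc=1
    fi

    # The certificate must not already be expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt is expired or unreadable"; rc=1
    fi

    # The unencrypted key must carry no group/other permission bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or others"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: key and certificate in $dir pass all checks"
    return "$rc"
}

# Run the checks when a directory is given on the command line.
if [ "$#" -gt 0 ]; then check_tls_pair "$1"; fi
```

Saved as a script, it is run with the certificate directory as its argument, for example /etc/ssl/certs, and exits non-zero if any check fails.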
