Use APT to verify that OpenSSL is installed. If it is not present, APT downloads and
installs it automatically:
# apt-get install openssl
2. Generate a 1024-bit RSA private key and save it to a file:
# mkdir /etc/apache/ssl.key/
# cd /etc/apache/ssl.key/
# openssl genrsa -out server.key 1024
# chmod 600 server.key
You can use a filename other than server.key and should do so if you plan to have
more than one SSL host on your machine (which requires more than one IP address).
Just make sure you specify the correct filename in the Apache configuration later.
In higher-security environments, it is a good idea to encrypt the key by adding the -des3
argument after the genrsa argument on the openssl command line:
# openssl genrsa -des3 -out server.key 1024
3. You are asked for a passphrase, which is needed every time you start Apache.
Do not lose this passphrase because it cannot be easily recovered.
4. If you plan to have your certificate signed by a CA (including one that you run yourself),
generate a public key and a certificate signing request (CSR):
# mkdir ../ssl.csr/
# cd ../ssl.csr/
# openssl req -new -key ../ssl.key/server.key -out server.csr
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Washington
Locality Name (eg, city) []:Bellingham
Organization Name (eg, company) [Internet Widgits Pty
Ltd]:Example Company, LTD.
Pages:
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233