# cd /usr/local/apache2/conf
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
Generate the root certificate:
# ./new-root-ca.sh (generate root certificate)
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...
... ++
e is 65537 (0x10001)
Enter pass phrase for ca.key: (enter a password)
Verifying - Enter pass phrase for ca.key: (enter the password again)
......
Self-sign the root CA... (sign the root certificate)
Enter pass phrase for ca.key: (enter the password you just set)
........
...... (Signing starts below)
Country Name (2 letter code) [MY]: CN
State or Province Name (full name) [Perak]: HaiNan
Locality Name (eg, city) [Sitiawan]: HaiKou
Organization Name (eg, company) [My Directory Sdn Bhd]: Wiscom System Co., Ltd
Organizational Unit Name (eg, section) [Certification Services Division]: ACSTAR
Common Name (eg, MD Root CA) []: WISCOM CA
Email Address []: acmail@wiscom.com.cn
This generates the ca.key and ca.crt files. Next, generate a certificate for our server:
Generate server certificate:
# ./new-server-cert.sh server (the certificate name is server)
......
......
Country Name (2 letter code) [MY]: CN
State or Province Name (full name) [Perak]: HaiNan
Locality Name (eg, city) [Sitiawan]: HaiKou
Organization Name (eg, company) [My Directory Sdn Bhd]: Wiscom System Co., Ltd
Organizational Unit Name (eg, section) [Secure Web Server]: ACSTAR
Common Name (eg, www.domain.com) []: acmail.wiscom.com.cn
Email Address []: acmail@wiscom.com.cn
This generates the two files server.csr and server.key.
Sign the server certificate:
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key: (enter the root certificate password set above)
Check that the request matches the signature
Signature OK
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'cn'
stateOrProvinceName :PRINTABLE:'Jiangsu'
localityName :PRINTABLE:'nanjing'
organizationName :PRINTABLE:'wiscom System Co., Ltd'
organizationalUnitName :PRINTABLE:'acstar'
commonName :PRINTABLE:'acmail.wiscom.com.cn'
emailAddress :IA5STRING:'acmail@wiscom.com.cn'
Certificate is to be certified until Jul 16 12:55:34 2005 GMT (365 days)
Sign the certificate? [Y/n]: y
1 out of 1 certificate requests certified, commit? [Y/n] y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
(If an error occurs here, it is best to delete the ssl.ca-0.1 directory and start again from the extraction step.)
Put the certificate and key in the locations set in ssl.conf.
# chmod 400 server.key
# cd ..
# mkdir ssl.key
# mv ssl.ca-0.1/server.key ssl.key
# mkdir ssl.crt
# mv ssl.ca-0.1/server.crt ssl.crt
Then you can start it!
# cd /usr/local/apache2
# ./bin/apachectl startssl
Author: "sky-Peng"
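
The following script is an added example, not part of the original article or of ssl.ca-0.1. It checks the result of the steps above: that server.crt verifies against ca.crt, that server.key belongs to server.crt, that the key file is owner-only, and that the key is at least 2048 bits (the transcript above shows a 1024-bit key, which is too short by current standards). The function names, the script name check-certs.sh and the demo certificate subjects are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original article: checks the three files
# the steps above produce. All paths are supplied by the caller.

# check_cert_set CA_CRT SERVER_CRT SERVER_KEY -> returns 0 if checks pass
check_cert_set() {
    ca=$1; crt=$2; key=$3; rc=0

    # 1. server.crt must verify against the CA certificate.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not verify against $ca"; rc=1; }

    # 2. The private key must match the certificate (compare public keys).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $crt"; rc=1; }

    # 3. The key file must be readable by its owner only (chmod 400 above).
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    case $mode in
        400|600) ;;
        *) echo "FAIL: $key has mode $mode, expected 400"; rc=1 ;;
    esac

    # 4. Warn on RSA keys under 2048 bits (the transcript shows 1024).
    bits=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || echo "WARN: $crt has a ${bits:-unknown}-bit key"

    return $rc
}

# Constructed sample input: a throwaway CA and server certificate in DIR.
make_demo_set() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
    chmod 400 "$d/server.key"
}

# Usage: sh check-certs.sh CA_CRT SERVER_CRT SERVER_KEY
if [ $# -eq 3 ]; then check_cert_set "$@"; fi
```

After the mv steps above, the three files to pass in are conf/ssl.ca-0.1/ca.crt, conf/ssl.crt/server.crt and conf/ssl.key/server.key.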