About SSL certificates
SSL certificates are used to encrypt site information and create a safer connection. In addition, the certificate can display the VPs identity information to site visitors. The Certificate Authority issues an SSL certificate to verify detailed information about the server, while a self-signed certificate lacks proof from a third-party organization.
Set
The following tutorial requires the root permission on VPs.
In addition, you need to install and run Apache on your virtual server. If not, run the following command:
Sudo apt-Get install apache2
Step 1-enable the SSL module
Next enable SSL
Sudo a2enmod SSL
Restart Apache
Sudo service apache2 restart
Step 2 -- create a folder
We need to create a new folder to store the server key and certificate.
Sudo mkdir/etc/apache2/SSL
Step 3 -- create a self-Signed SSL Certificate
When we request a new certificate, we can modify the number 365 to specify the validity period of the certificate. The following content indicates that the certificate will expire after one year.
Sudo OpenSSL req-X509-nodes-days 365-newkey RSA: 2048-keyout/etc/apache2/SSL/Apache. Key-out/etc/apache2/SSL/Apache. CRT
With this command, we can create a self-Signed SSL certificate and a server key that protects the certificate, and store them in the new folder.
This command will display a series of fields to be filled in on the terminal.
The most important line is "common name ". Enter your domain name here. If it is useless, enter the IP address of the website.
You are about to be asked to enter information that will be ininitialized
Into your certificate request.
What you are about to enter is what is called a distinguished name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country name (2 letter code) [au]: CN
State or province name (full name) [some-State]: Sichuan
Locality name (eg, city) []: CD
Organization Name (eg, company) [Internet widgits Pty Ltd]: tntc4stl3 Inc
Organizational unit name (eg, section) []: R & D
Common name (e.g. Server FQDN or your name) []: example.com
Email Address []: [email protected]
Step 4 -- set the certificate
Now we have all the components required for the certificate. The next thing is to configure the VM to display the new certificate.
Open the SSL configuration file:
Nano/etc/apache2/sites-available/default-SSL
Make the following changes to the block starting with <virtualhost_default _: 443>.
Under Server Admin email, add a new line containing your server name:
Servername example.com: 443
Replace example.com with the domain name or IP address (which should be the same as the common name of the certificate.
Find the following three lines to make sure they are the same as the following expressions:
Sslengine on
Sslcertificatefile/etc/apache2/SSL/Apache. CRT
Sslcertificatekeyfile/etc/apache2/SSL/Apache. Key
Save and exit the file.
Step 5: Enable a new VM
Before the website is activated on port 443, We need to enable the VM:
Sudo a2ensite default-SSL
You have completed all settings. Restarting the Apache server will reload all your changes.
Sudo service apache2 reload
Enter https: // your address in the browser and you will see the new certificate.
Original article: http://tntcastle.net/2013/12/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04/