Although a signed server certificate was already created with the make certificate command when mod_ssl was installed,
you may sometimes need to change it.
There are plenty of automated scripts for this, but the most reliable way is to sign the certificate by hand.
First of all, I assume that you have installed OpenSSL and mod_ssl. If your OpenSSL install
prefix is /usr/local/openssl, add /usr/local/openssl/bin to the
executable search path. You also need a script from the mod_ssl source code: it is in the
pkg.contrib directory of the mod_ssl source tree, and the file name is sign.sh.
Copy it to /usr/local/openssl/bin.
Create the CA's certificate first.
Start by creating an RSA private key for the CA:
[S-1]
openssl genrsa -des3 -out ca.key 1024
The system prompts you for a PEM pass phrase, that is, a password; make sure you remember what you enter.
This generates the ca.key file. Change its permissions to 400 and keep it in a safe place.
[S-2]
chmod 400 ca.key
You can use the following command to view its contents:
[S-3]
openssl rsa -noout -text -in ca.key
Create a self-signed CA certificate (X.509 structure) with the CA's RSA key:
[S-4]
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
You then need to enter the following information:
Country Name: CN (two-letter country code)
State or Province Name: An Hui (province name)
Locality Name: Bengbu (city name)
Organization Name: Family Network (company name)
Organizational Unit Name: Home (department name)
Common Name: Chen Yang (your name)
Email Address: sunstorm@263.net (email address)
This generates the ca.crt file. Change its permissions to 400 and keep it in a safe place.
[S-5]
chmod 400 ca.crt
You can use the following command to view its contents:
[S-6]
openssl x509 -noout -text -in ca.crt
Next, create a server certificate signing request.
First create an RSA private key for your Apache server:
[S-7]
openssl genrsa -des3 -out server.key 1024
A pass phrase must also be set here.
This generates the server.key file. Change its permissions to 400 and keep it in a safe place.
[S-8]
chmod 400 server.key
You can use the following command to view its contents:
[S-9]
openssl rsa -noout -text -in server.key
Use server.key to generate a certificate signing request (CSR):
[S-10]
openssl req -new -key server.key -out server.csr
You are prompted for some information here, similar to what was entered in [S-4].
Leave the 'extra' attributes empty.
You can check the CSR details:
[S-11]
openssl req -noout -text -in server.csr
Now you can sign the certificate. This requires the sign.sh script:
[S-12]
sign.sh server.csr
This produces server.crt.
Change its permissions to 400 and keep it in a safe place.
[S-13]
chmod 400 server.crt
Delete the CSR:
[S-14]
rm server.csr
Finally, the Apache settings.
If your Apache was compiled with the prefix /usr/local/apache,
copy server.crt and server.key to /usr/local/apache/conf.
Then modify httpd.conf
and change the following directives to:
SSLCertificateFile /usr/local/apache/conf/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/server.key
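The steps [S-1] to [S-14] as a non-interactive scratch run, followed by two checks worth making before Apache is pointed at the files: that server.crt chains to ca.crt, and that server.key is the private key for server.crt. This is an added example, not part of the original article; it assumes 2048-bit keys without pass phrases, constructed subject names, and openssl x509 -req standing in for sign.sh. The helper names make_pki, pubkey_hash and check_pair are hypothetical.

```shell
#!/bin/sh
# Added example: throwaway CA + server certificate, then pre-deployment checks.
# All file contents and subject names are constructed for illustration.

# make_pki DIR: non-interactive version of [S-1]..[S-14] inside DIR.
# Assumptions: 2048-bit keys, no pass phrase (scratch files only), and
# "openssl x509 -req" used in place of mod_ssl's sign.sh.
make_pki() {
    dir=$1
    ( cd "$dir" || exit 1
      umask 077
      openssl genrsa -out ca.key 2048 2>/dev/null &&
      openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \
          -subj "/C=CN/O=Example CA/CN=Example Test CA" &&
      openssl genrsa -out server.key 2048 2>/dev/null &&
      openssl req -new -key server.key -out server.csr \
          -subj "/C=CN/O=Example/CN=www.example.test" &&
      openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -days 365 -out server.crt 2>/dev/null &&
      chmod 400 ca.key ca.crt server.key server.crt &&
      rm -f server.csr )
}

# pubkey_hash FILE KIND: SHA-256 of the public key held in a certificate
# (KIND=x509) or derived from a private key (KIND=pkey).
pubkey_hash() {
    case $2 in
        x509) openssl x509 -in "$1" -noout -pubkey ;;
        pkey) openssl pkey -in "$1" -pubout ;;
    esac | openssl dgst -sha256
}

# check_pair CA_CERT CERT KEY: returns 0 only if CERT chains to CA_CERT
# and KEY is the private key for CERT (1 = chain failure, 2 = key mismatch).
check_pair() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "chain: FAIL"; return 1; }
    [ "$(pubkey_hash "$2" x509)" = "$(pubkey_hash "$3" pkey)" ] ||
        { echo "key: MISMATCH"; return 2; }
    echo "ok"
}
```

For the files produced by the article's own steps, run check_pair ca.crt server.crt server.key; openssl asks for the server.key pass phrase.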