1. First, generate the server-side private key (key file):
openssl genrsa -des3 -out server.key 1024
The command prompts for a password, which is used to encrypt the key file.
To remove the key file password:
openssl rsa -in server.key -out server.key
2. openssl req -new -key server.key -out server.csr -config openssl.cfg
This generates the Certificate Signing Request (CSR); the resulting CSR file is handed to the CA, which signs it to form your certificate. The command prompts you step by step for the required identifying information.
3. Use the same commands to generate the key and CSR files for the client:
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr -config openssl.cfg
4. CSR files must be signed by a CA to form a certificate. The file can be sent to VeriSign or another CA to be verified and signed, or you can build a CA yourself:
openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cfg
5. Sign the server.csr and client.csr files that you just generated with the certificate of the CA you created:
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cfg
openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cfg
PS: If you get an error such as a failure to update the database, change the contents of the index.txt.attr file to unique_subject = no
Note: You may see this error: Using configuration from /usr/share/ssl/openssl.cfg I am unable to access the ./demoCA/newcerts directory ./demoCA/newcerts: No such file or directory
WORKAROUND: 1). mkdir -p ./demoCA/newcerts
2). touch demoCA/index.txt
3). touch demoCA/serial
4). echo 01 > demoCA/serial
6. Merge the certificate file (crt) and private key file (key)
1). cat client.crt client.key > client.pem
2). cat server.crt server.key > server.pem
7. Merge into a PFX (PKCS#12) certificate
1). openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
2). openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12
8. Convert the certificate to text form
1). openssl pkcs12 -in client.p12 -out client.txt
2). openssl pkcs12 -in server.p12 -out server.txt
9. Display on screen (certificate, private key, public key)
1). openssl x509 -in client.crt -noout -text -modulus
2). openssl rsa -in server.key -noout -text -modulus
3). openssl rsa -pubin -in server.pub -noout -text -modulus
10. Generate DH parameters
1). openssl dhparam -out dh1024.pem 1024
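Added example (not part of the original page): a shell check that applies the modulus comparison from step 9 and a chain verification to the files produced in steps 1-5, and also flags keys below a minimum size, which the 1024-bit keys generated above would fail. The function names and the 2048-bit MIN_BITS default are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-issuance checks for a CA certificate, a signed
# certificate and its private key. MIN_BITS is an assumption of this
# example (2048), not a value taken from the page.
MIN_BITS=${MIN_BITS:-2048}

# RSA public key size in bits, read from the certificate (no key password needed).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeeds only if certificate $1 and private key $2 share the same RSA modulus.
# An encrypted key (step 1, -des3) makes openssl ask for its password here.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 2
    k=$(openssl rsa -in "$2" -noout -modulus) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if certificate $2 verifies against CA certificate $1.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Run all three checks; print one line per finding, return the number of failures.
audit_cert() {   # usage: audit_cert ca.crt server.crt server.key
    fails=0
    bits=$(cert_key_bits "$2")
    if [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "WEAK: $2 has a ${bits:-unknown}-bit key (< $MIN_BITS)"; fails=$((fails + 1))
    fi
    if ! cert_matches_key "$2" "$3"; then
        echo "MISMATCH: $3 is not the private key for $2"; fails=$((fails + 1))
    fi
    if ! chain_ok "$1" "$2"; then
        echo "UNTRUSTED: $2 does not verify against $1"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: $2"
    return "$fails"
}

# When run as a script with three arguments, audit those files.
if [ "$#" -eq 3 ]; then audit_cert "$@"; fi
```

Run it as `sh check.sh ca.crt server.crt server.key` before merging the files in step 6 or pointing Apache at them; a non-zero exit status is the number of failed checks.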
(8) Edit the Apache configuration file httpd.cfg
Enable: LoadModule ssl_module modules/mod_ssl.so
Remove the comment marker from the following statement: Include conf/extra/httpd-ssl.cfg
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.cfg
#
(9) Edit conf/extra/httpd-ssl.cfg
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
SSLCertificateChainFile conf/ssl/ca.crt
</VirtualHost>
cd /usr/local/apache/conf
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr -config /usr/local/ssl/openssl.cfg
openssl req -new -x509 -keyout ca.key -out ca.crt -config /usr/local/ssl/openssl.cfg
mkdir -p ./demoCA/newcerts
touch demoCA/index.txt
touch demoCA/serial
echo 01 > demoCA/serial
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /usr/local/ssl/openssl.cfg
bin/apachectl start
OpenSSL generates an HTTPS certificate (GO)