How to generate SSL Key, CSR and Self-signed Certificate (SSR) in Linux Apache
An SSL certificate lets your website be served over https:// instead of http://. The SSL protocol was created by Netscape to ensure secure transactions between web servers and browsers. It uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction.
In this article, we explain how to generate a private key file (server.key), a certificate signing request file (server.csr) and a webserver certificate file (server.crt) that can be used on an Apache server with mod_ssl.
For the sake of example, we will be using www.my-server.org as our domain.
1. Generate Private Key on the Server Running Apache + mod_ssl
The first step is to generate a private key on the Linux server that runs the Apache webserver, using the openssl command:
```
# openssl genrsa -des3 -out www.my-server.org.key 1024
Generating RSA private key, 1024 bit long modulus
…………………………………++++++
……………………………………………++++++
e is 73547 (0x01001)
Enter pass phrase for my-server.org.key:
Verifying - Enter pass phrase for www.my-server.org.key:
# ls -ltr www.my-server.*
```
The generated private key looks like the following.
```
# cat www.my-server.org.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,485B3C6371C9916E
ymehJu/RowzrclMcixAyxdbfzQphfUAk9oK9kK2
```
2. Generate a Certificate Signing Request (CSR)
Using the key generated above, generate a Certificate Signing Request (CSR) file using openssl:
```
# openssl req -new -key www.my-server.org.key -out www.my-server.org.csr
Enter pass phrase for www.my-server.org.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CY
State or Province Name (full name) [Berkshire]:Cyprus
Locality Name (eg, city) [Newbury]:Larnaca
Organization Name (eg, company) [My Company Ltd]: S.S. NetShop Internet Services Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []: myserver
Email Address []:
Please enter the following 'extra' attributes
# ls -ltr www.my-server.*
```
3. Generate a Self-Signed SSL Certificate
For testing purposes, you can generate a self-signed SSL certificate that is valid for 1 year using the openssl command:
```
# openssl x509 -req -days 365 -in www.my-server.org.csr -signkey www.my-server.org.key -out www.my-server.org.crt
Signature ok
subject=/C=CY/ST=Cyprus/L=Larnaca/O=ssnetshopinternetservicesltd/OU=IT/CN=www.my-server.org
Getting Private key
Enter pass phrase for www.my-server.org.com.key:
# ls -l www.my-server*
-rw-r--r-- 1 root root 963 Oct 01 22:02 www.my-server.org.key
-rw-r--r-- 1 root root 664 Oct 01 22:11 www.my-server.org.csr
-rw-r--r-- 1 root root 879 Oct 01 22:20 www.my-server.org.crt
# cat www.my-server.org.crt
```
The above procedure can be used to generate the Apache SSL key, CSR and CRT files on most Linux and Unix systems, including Ubuntu, Debian, CentOS, Fedora and Red Hat.
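The three steps above as a non-interactive script, followed by a check that the key, CSR and certificate actually belong together and that the key file is not readable by other users (the `ls -l` listing above shows it as `-rw-r--r--`). This is an added example, not part of the original article. The function names, the scratch directory, the unencrypted key and the 2048-bit key size (instead of the 1024 bits used above, which public CAs no longer accept) are assumptions made here.

```shell
#!/bin/sh
# Added example: non-interactive form of steps 1-3 plus a consistency check.
# Assumptions: OpenSSL on PATH, a 2048-bit unencrypted test key, scratch dir.

# gen_selfsigned DIR HOST -> DIR/HOST.key, DIR/HOST.csr, DIR/HOST.crt
gen_selfsigned() (
    umask 077                                   # key is created owner-only
    key=$1/$2.key csr=$1/$2.csr crt=$1/$2.crt
    openssl genrsa -out "$key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$key" -out "$csr" \
        -subj "/C=CY/ST=Cyprus/L=Larnaca/OU=IT/CN=$2" &&
    openssl x509 -req -sha256 -days 365 -in "$csr" \
        -signkey "$key" -out "$crt" 2>/dev/null
)

# pubkey_fp FILE -> SHA-256 of the public key held in a .key, .csr or .crt
pubkey_fp() {
    case $1 in
        *.key) pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
        *.csr) pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) ;;
        *.crt) pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
        *) return 1 ;;
    esac
    [ -n "$pub" ] || return 1                   # unreadable or missing file
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_set DIR HOST -> succeeds only if the three files belong together
check_set() {
    base=$1/$2
    k=$(pubkey_fp "$base.key") || return 1
    [ "$k" = "$(pubkey_fp "$base.csr")" ] || return 1   # CSR built from this key
    [ "$k" = "$(pubkey_fp "$base.crt")" ] || return 1   # cert carries this key
    # CSR self-signature: match the text rather than rely on the exit status
    openssl req -in "$base.csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    openssl x509 -in "$base.crt" -noout -subject | grep -q "CN *= *$2" || return 1
    # key file must not be readable by group or others
    [ "$(ls -l "$base.key" | cut -c5-10)" = "------" ]
}

# Demo in a scratch directory, using the article's example host name
demo() {
    tmp=$(mktemp -d) && gen_selfsigned "$tmp" www.my-server.org &&
        check_set "$tmp" www.my-server.org && echo "key, CSR and certificate match"
    rm -rf "$tmp"
}
demo
```

Running `check_set` before pointing mod_ssl at the files catches a certificate that was issued for a different key, which otherwise only shows up when Apache fails to start.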
