mkdir keys
cd keys
Create response file
touch csr_details.txtnano csr_details.txt
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C=LV
ST=Latvia
L=Riga
O=Company
OU=Department
emailAddress=giors@lv
CN = server.company.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = server.company.com
DNS.2 = server.lan
Create key and request file
openssl genrsa -out server.key 2048Generating RSA private key, 2048 bit long modulus
.......................+++
........................+++
e is 65537 (0x10001)
openssl req -new -sha256 -nodes -key server.key -out server.lan.csr -config <( cat csr_details.txt )
Copy csr file content to request for Certification authority.
After certificate is issued, copy issued certificate in crt file.
touch server.lan.crt
nano server.lan.crt
Create directory for certificates
mkdir /etc/apache2/ssl
cd ssl
Copy key and certificate to apache directory
cp ~/keys/server.key ./apache.key
cp ~/keys/server.lan.crt ./apache.crt
Modify apache files
Add certificates path to ssl.conf filenano /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName nfsen.pvd.lan
DocumentRoot /var/www/yourwebdirectory
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Instruct port 80 to redirect to port 443
nano /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName server.lan
ServerAdmin webmaster@localhost
DocumentRoot /var/www/yourwebdirectory
Redirect permanent / https://server.lan/
Enable sites and mods
Enable ssl liste
a2ensite default-ssl.conf
Enable ssl on Apache
a2enmod ssl
Finally restart apache server
service apache2 restart
Thats it!
Nav komentāru:
Ierakstīt komentāru