How to generate SSL Key, CSR and Self-signed Certificate (SSR) in Linux Apache

  Post #1 (permalink)   10-04-2011, 02:12 PM
Status: Netshop-Isp is offline
SSL Certificate is used to convert your website from http:// to https://. The protocol was created by Netscape to ensure secure transactions between web servers and browsers. It uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transactions.

In this article, we explain how to generate a private key file (server.key), a certificate signing request file (server.csr) and a webserver certificate file (server.crt) that can be used on an Apache server with mod_ssl.

For the sake of example we will be using www.my-server.org as our domain.

1. Generate Private Key on the Server Running Apache + mod_ssl

The first step is to generate a private key on our Linux server that runs the Apache webserver, using the openssl command:

Code:
# openssl genrsa -des3 -out www.my-server.org.key 1024
Generating RSA private key, 1024 bit long modulus
..............................++++++
........................................++++++
e is 73547 (0x01001)
Enter pass phrase for www.my-server.org.key:
Verifying - Enter pass phrase for www.my-server.org.key:

# ls -ltr www.my-server.*
-rw-r--r-- 1 root root   963 Oct 01 22:02 www.my-server.org.key

The generated private key looks like the following.
# cat www.my-server.org.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,485B3C6371C9916E

ymehJu/RowzrclMcixAyxdbfzQphfUAk9oK9kK2
jadfoiyqthakLKNqw9z1MoaqkPyqeHevUm26no
AJKIETHKJADFS2BGb0n61/Ksk8isp7evLM4+QY
KAQETKjdiahteksMJOjXLq+vf5Ra299fZPON7yr
-----END RSA PRIVATE KEY-----

2. Generate a Certificate Signing Request (CSR)

Using the key generated above, you should generate a Certificate Request file (CSR) using openssl:

Code:
# openssl req -new -key www.my-server.org.key -out www.my-server.org.csr
Enter pass phrase for www.my-server.org.key:
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CY
State or Province Name (full name) [Berkshire]:Cyprus
Locality Name (eg, city) [Newbury]:Larnaca
Organization Name (eg, company) [My Company Ltd]: S.S. NetShop Internet Services Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []: myserver
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# ls -ltr www.my-server.*
-rw-r--r-- 1 root root   963 Oct 01 22:02 www.my-server.org.key
-rw-r--r-- 1 root root   664 Oct 01 22:11 www.my-server.org.csr

3. Generate a Self-Signed SSL Certificate

For testing purposes, you can generate a self-signed SSL certificate that is valid for 1 year using the openssl command:

Code:
# openssl x509 -req -days 365 -in www.my-server.org.csr -signkey www.my-server.org.key -out www.my-server.org.crt
Signature ok
subject=/C=CY/ST=Cyprus/L=Larnaca/O=ssnetshopinternetservicesltd/OU=IT/CN=www.my-server.org
Getting Private key
Enter pass phrase for www.my-server.org.key:

# ls -l www.my-server*
-rw-r--r-- 1 root root   963 Oct 01 22:02 www.my-server.org.key
-rw-r--r-- 1 root root   664 Oct 01 22:11 www.my-server.org.csr
-rw-r--r-- 1 root root   879 Oct 01 22:20 www.my-server.org.crt

# cat www.my-server.org.crt

-----BEGIN CERTIFICATE-----
haidfshoaihsdfAKDJFAISHTEIHkjasdjadf9w0BAQUFADCB
kjadfijadfhWQIOUQERUNcMNasdkjfakljasdBgEFBQcDAQ
kjdghkjhfortoieriqqeurNZXCVMNCMN.MCNaGF3dGUuY29
-----END CERTIFICATE-----

The above procedure can be used to generate the Apache SSL key, CSR and CRT files on most Linux and Unix systems, including Ubuntu, Debian, CentOS, Fedora and Red Hat.
__________________
Leading Web Hosting Provider
Data Centers in Cyprus, Malta and United Kingdom
Web: https://www.netshop-isp.com.cy
Email: sales@netshop-isp.com.cy | Skype: netshopisp
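
Added example, not part of the original post: steps 1-3 above as one non-interactive script, plus the checks worth running before the files are installed (do key, CSR and certificate share one public key, is the key file closed to group and other, is the certificate self-signed). `KEY_PASS` and all function names are assumptions of this sketch, and it generates a 2048-bit key where the post uses 1024.

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the post;
# KEY_PASS and all function names are assumptions made for this sketch.
DOMAIN="www.my-server.org"
KEY_PASS="${KEY_PASS:-constructed-demo-passphrase}"   # constructed sample value
export KEY_PASS

# Steps 1-3 without prompts. $1 = existing output directory.
make_test_cert() {
    ( umask 077                      # new files are owner-only, not 0644
      cd "$1" || exit 1
      # 1. passphrase-protected RSA key (2048 bits here, the post uses 1024)
      openssl genrsa -aes256 -passout env:KEY_PASS \
          -out "$DOMAIN.key" 2048 2>/dev/null &&
      # 2. CSR; -subj supplies the DN that the post types in interactively
      openssl req -new -key "$DOMAIN.key" -passin env:KEY_PASS \
          -subj "/C=CY/L=Larnaca/OU=IT/CN=$DOMAIN" -out "$DOMAIN.csr" &&
      # 3. self-signed certificate valid for 365 days
      openssl x509 -req -sha256 -days 365 -in "$DOMAIN.csr" \
          -signkey "$DOMAIN.key" -passin env:KEY_PASS \
          -out "$DOMAIN.crt" 2>/dev/null )
}

# Public key (PEM) carried by each artifact
key_pub() { openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null; }
csr_pub() { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
crt_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only if key, CSR and certificate in directory $1 share one public key
artifacts_match() {
    k=$(key_pub "$1/$DOMAIN.key") && [ -n "$k" ] &&
        [ "$k" = "$(csr_pub "$1/$DOMAIN.csr")" ] &&
        [ "$k" = "$(crt_pub "$1/$DOMAIN.crt")" ]
}

# Succeeds if group and other have no permission bits on file $1
key_is_private() { [ "$(ls -l "$1" | cut -c5-10)" = "------" ]; }

# Succeeds if issuer equals subject: no CA has vouched for certificate $1
is_self_signed() {
    i=$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//')
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    [ -n "$s" ] && [ "$i" = "$s" ]
}
```

Run `make_test_cert` on an empty directory, then `artifacts_match` on the same directory; a non-zero status from `artifacts_match` or `key_is_private` means the files should not be deployed as they are.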
 
 


  Post #2 (permalink)   10-09-2011, 07:47 PM
Status: RobertMaltby is offline
Good bit of information there!!

Would you have any issues if people used this in their KB?
__________________
(Δ|Δ) Robert Maltby, Director of Sales and Marketing, Nuisoft Systems Inc
(Δ|Δ) Server Logix Δ Premium Web hosting Δ Virtual Private Servers Δ Dedicated Servers.
(Δ|Δ) Cloud North Δ Premium, Fully Managed Cloud Hosting
 
 
 


  Post #3 (permalink)   10-09-2011, 10:39 PM
Status: Netshop-Isp is offline
Quote:
Originally Posted by RobertMaltby
Good bit of information there!!

Would you have any issues if people used this in their KB?
I'm happy that it was helpful to you Robert! No problem to use it in your website. However, I would really appreciate a reference to the original post at http://www.netshop-isp.com.cy/v3/blog/
 
 
 


  Post #4 (permalink)   10-10-2011, 05:08 AM
Status: zeropid is offline
Sure you can generate it by yourself but it won't be trustworthy
 
 
 