Monday, February 16, 2009

Installation of SSL Certificates (self signed) in Debian

Step 1: Make sure that openssl is installad along with apache, otherwise

apt-get install openssl

Step 2: Install the self signed certificate

root@web:mkdir /etc/apach2/ssl
root@web:/etc/apache2/ssl# openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/certificate.pem -keyout /etc/apache2/ssl/certificate.pem

Generating a 1024 bit RSA private key
..............................++++++
.................................++++++
writing new private key to '/etc/apache2/ssl/certificate.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NO
State or Province Name (full name) [Some-State]:Oslo
Locality Name (eg, city) []:Oslo
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Fizaan
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:www.fizaan.com
Email Address []:postmaster@fizaan.com

root@web:/etc/apache2/ssl# ls
certificate.pem

Step 3: Provide path to certificate in apach2 configuration file /etc/apache2/sites-available/defau
lt


ServerAdmin postmaster@fizaan.com
ServerName www.fizaan.com
ServerAlias www
DocumentRoot /var/www/site
SSLEngine on
SSLCertificateFile ssl/certificate.pem

Ste 4: Restart the apache2 and test the site


root@web:/etc/init.d/apache2 stop
root@web:/etc/init.d/apache2 start

Open browser and visit the site name www.fizaan.com, view the certificate.
These certificate the good for demo site or intranet but for commercial you should buy.

Buying Certificate from Third party


Step 1: Provide your CSR

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

Step 2: provide the details to third company e.g COMODO SSL, VeriSign


Step 3: After processing the third comapny shall give you back the file and place it in the path of ssl in apache2 virtualhost file.

References

http://www.debuntu.org/how-to-create-a-self-signed-certificate
https://secure.instantssl.com/products/SSLIdASignup1a
http://www.verisign.com/ssl/buy-ssl-certificates/

1 comment:

Cheap SSL said...

Why use self signed Certificate when SSL Certificate is available at only $9/yr from www.sslmatrix.com