Click here to load reader
Upload
james-labonte
View
1.441
Download
0
Embed Size (px)
DESCRIPTION
Following is a very simplified view of the method is an implementation of SSL and what part of the certificate in the entire process of plays.
Citation preview
TheSSLStore: SSL Credentials VeriSign GeoTrust Thawte & RapidSSL Certificates for Athabascan, IIS, Windows, IIS6, Windows 2003 for
invulnerable web computer at low prices.
Getting Started
Following is a very simplified view of the method is an implementation of
SSL and what part of the certificate in the entire process of plays.
I N S I D E T H I S I S S U E
1 Getting Started
2 Summary
3 Description
4 Author’s Bio
5 Contact Us
By Company Name
Summary:-
TheSSLstore.com, 146 Second Street North, Suite 204, St. Petersburg, FL 33701, USA
Https://www.thesslstore.com/ [email protected] 727-388-4240
How to Create Self-Signed
Certificate for Apache?
Page 2 How To Create Self- Signed Certificate For Apache?
Normal Web traffic is sent over the Internet. This means that anyone with
access to the right tools, you can snoop all this traffic. Of course, this can
lead to problems, in particular where security and privacy, it is necessary, as
for example in the data bank and credit card transactions. Secure Socket
Layer is used to encrypt the data stream between a Web server and Web
client.
SSL makes use of what is known as asymmetric cryptography, also known
as public key cryptography (PKI). With public key cryptography are created
two keys, one public, and one private. Anything encrypted with either key
can be decrypted only by its key. Therefore, if the current message or data
to be encrypted using the private key of the server, it can be decrypted only
by using the corresponding public key, ensures that the data would only
come from the server.
SSL Certificates uses public key cryptography to encrypt the data stream to
travel over the Internet, why a certificate is necessary? The technical answer
to this question is that the certificate is not really necessary-data is secure
and cannot be easily decrypted by a third party. The certificate is used,
however, a decisive role in the process of communication.
A certificate signed by a trusted certification authority (CA), provides its
holder is who it claims to be you. Without a trusted certificate to the signed
data can be encrypted, the party you are communicating with, however,
may not be whom you believe. Without certificates, it would be much more
common impersonation attacks.
TheSSLstore Products and Partners
Description:-
Page 3 How To Create Self- Signed Certificate For Apache?
Step 1: Generate a Private Key
Toolbox is used to generate a RSA private key & service customers (signing a SSL Certificate request). You
can also use to generate a self-signed certificate that can be used for testing purposes or internal use.
The first step is to create your private RSA key. This key is a 1024-bit RSA key is encrypted using Triple-DES
and stored in PEM format, so it's readable as ASCII.
Command:
openssl genrsa -des3 -out server.key 1024
Output:
Generating RSA private key, 1024 bit long modulus
.........................................................++++++
........++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
Step 2: Generate a CSR (Certificate Signing Request)
Once you generate the private key can generate a certificate signing request. CSR and then, use one of two
methods. Ideally, CSR will be sent to a certification authority such as verisign) to verify the identity of the
requestor, and issued a signing certificate or Thawte. The second option is to self-sign, Certificate Signing
Request, in the next section.
Period of CSR generation you will be prompted to enter a few pieces of information. These are the properties
of an x.509 certificate. Tip of the "common name (for example, your name)". It is important to be an SSL
server's fully qualified domain name of this field is filled in. If you want to protect this Web site will
https://public.akadia.com and enter public.akadia.com in this prompt. Generate CSR command, as follows:
Command:
openssl req -new -key server.key -out server.csr
Output:
Country Name (2 letter code) [GB]:CH
State or Province Name (full name) [Berkshire]:Bern
Locality Name (eg, city) [Newbury]:Oberdiessbach
Organization Name (eg, company) [My Company Ltd]:Akadia AG
Organizational Unit Name (eg, section) []:Information Technology
Common Name (eg, your name or your server's hostname) []:public.akadia.com
Email Address []:martin dot zahn at akadia dot ch
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Page 4 How To Create Self- Signed Certificate For Apache?
Step 3: Remove Passphrase from Key
One of misery-side effect of the private key is Apache ask oiith pass phrase password every time the Web
server is running. Clearly this is not necessarily as someone not always be around to type a password in a
phrase, such as after the restart, or crash. Mod_ssl provides the ability to use external program instead of in
the beyond-a built-in phrase, however, this is not necessarily the safest option or. It is possible to remove the
Triple-DES encryption key, and thus no longer need to type a passphrase.
If the private key is encrypted, it is very important that this file must be readable only by root user! If your
system is ever disclosed to a third party obtains your private key without encryption, the certificate
corresponding to the need to be revoked. With this he said, use the following command to remove the pass-
phrase from the key:
Command:
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
The newly created server.key file has no more passphrase in it.
Output:
-rw-r--r-- 1 root root 745 Jun 29 12:19 server.csr
-rw-r--r-- 1 root root 891 Jun 29 13:22 server.key
-rw-r--r-- 1 root root 963 Jun 29 13:22 server.key.org
Step 4: Generating a Self-Signed Certificate
In this step, you create a self-signed certificate because you or you don't plan on the need your certificate
signed by a certification authority, or want to test the new SSL application while the CA is the signature of
the certificate. This temporary certificate will generate an error in the client browser to the effect that the CA
signature is you know and trust.
To generate a temporary certificate which is good for 365 days, issue the following command:
Command:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Output:
Signature ok
subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information
Technology/CN=public.akadia.com/Email=martin dot zahn at akadia dot ch
Getting Private key
Step 5: Installing the Private Key and Certificate
Installed Apache with mod_ssl, it creates several libraries in the Apache config. Location of this directory
will differ depending on how Apache compiled.
Config code:
Page 5 How To Create Self- Signed Certificate For Apache?
TheSSLstore.com 146, Second Street North, Suite 204 [Address 2] St. Petersburg, FL 33701, USA
Phone: 727-388-4240
Fax:
727-388-4240
E-mail: [email protected]
Config code:
cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key
Step 6: Configuring SSL Enabled Virtual Hosts
http-ssl.conf:
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Step 7: Restart Apache and Test
Author’s Bio:-
TheSSLstore.com is one of the largest SSL Certificates providers globally. Join the Reseller SSL Certificate program and SSL Certificate Affiliate to join with us. Among the Internet security solutions TheSSLstore.com offers are SSL certificates from VeriSign, Thawte, GeoTrust, and RapidSSL. We buy SSL certificates in large quantities and pass the savings to you. To learn more about SSL Certificates visit https://www.thesslstore.com