How to create SSL certificate

Assumed your machine is installed with Apache(Httpd), openssl, mod_ssl : Here are the guides on how to create/generate your own SSL Certificate. All these steps can be done from any directory but the recommended path is /etc/httpd/conf/

Step 1 : Generate a private key using openssl

The first step is to create your RSA Private Key which is a 1024 bit RSA key which is encrypted using data encryption standard and stored in a PEM format so that it is readable as ASCII text.

openssl genrsa -des3 -out myserver.key 1024


Step 2 : Generate a certificate signing request (CSR)

Once a private key is generated, CSR can be created with the following command. During the generation of CSR, few question will be prompted.

openssl req -new -key mymachine.key -out mymachine.csr


Step 3 : Disable/Remove passphrase

This step is to remove the passphrase for the private key or else your apache will prompt the password each time the web server started.

cp mymachine.key mymachine.key.org
openssl rsa -in mymachine.key.org -out mymachine.key


Step 4: Generating certificate

This step is to create a cetificate for SSL implementation. Use the command below to create a certificate which will last for 365 days (1 Year).

openssl x509 -req -days 365 -in mymachine.csr -signkey mymachine.key -out mymachine.crt


Step 5: Configure SSL Settings

(A) Configure your ssl.conf in /etc/httpd/conf.d/

Change the value for Servername, SSLCertificateFile, SSLCertificateKeyFile

(B) Configure your SSL settings in httpd.conf

Add the lines below to enable virtual hosting.



Step 6: Restart your apache


/etc/init.d/httpd restart

1 comments:

Secure Sockets Layer (SSL) is a protocol designed to enable encrypted, authenticated connection across the Internet. SSL is used mostly in communication between web browsers and web servers. URLs which begin with 'https' indicate that an SSL connection will be used. Online shopping sites frequently use SSL technology to safeguard credit card information. In order to use the SSL protocol you need to obtain an SSL certificate which is used for the server authentication, data encryption, and message integrity checks.
you can buy the ssl certificate from tucktail