Configure self signed certificate on a locally hosted website
1. create a private key
cd /etc/ssl/aureusapps
sudo openssl genrsa -des3 -out aureusapps.key 2048
create with a password
2. Create a self signed certificate to use as root CA
sudo openssl req -x509 -new -key aureusapps.key -sha256 -days 1825 -out aureusapps.pem
Country: LK
State or Province: Western
Locality: Colombo
Organization Name: AureusApps
Common Name: *.aureusapps.dev
Email: admin@aureusapps.dev
-x509: Specifies that the certificate is to be self-signed rather than signed by a Certificate Authority (CA). This option is used for generating a root or self-signed certificate.
-new : generate new certificate request
-noenc : if a private key is created it will not be encrypted
-key : provides the private key for signing a new certificate or certificate request
-sha256 : Specifies SHA-256 as the hashing algorithm
3. Install root certificate
sudo trust anchor aureusapps.pem
4. Creating CA-Signed Certificates for Your Dev Sites
1. Create private key for site
sudo openssl genrsa -out memeslab.aureusapps.dev.key 2048
2. Create certificate signing request CSR
sudo openssl req -new -key memeslab.aureusapps.dev.key -out memeslab.aureusapps.dev.csr
3. create an X509 V3 certificate extension config file
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = memeslab.aureusapps.dev
4. Sign certificate request using CA private key
sudo openssl x509 -req -in memeslab.aureusapps.dev.csr -CA aureusapps.pem -CAkey aureusapps.key -CAcreateserial -out memeslab.aureusapps.dev.crt -days 825 -sha256 -extfile memeslab.aureusapps.dev.ext
5. Update apache SSL config
SSLCertificateFile /etc/ssl/aureusapps/memeslab.aureusapps.dev.crt
SSLCertificateKeyFile /etc/ssl/aureusapps/memeslab.aureusapps.dev.key
Comments
Post a Comment