Creating a Self-Signed Certificate (Linux Apache)

From Lianjapedia
Revision as of 13:01, 10 February 2021 by Yvonne.milne (Talk | contribs)

Jump to: navigation, search

Under Construction

Linux Apache

  1. Create a self-signed certificate using openssl
  2. Update the site configuration file with the location of the certificate files
  3. Import the certificate into Chrome

Create Certificate

Use the openssl req command to create a self-signed certificate:

Create Certificate


Issue the command, e.g. for my site 'ubuntu20.lianja.local': 

$ sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes \
-addext "subjectAltName = DNS:ubuntu20.lianja.local" \
-out devtest.crt -keyout devtest.key

Then enter the information at the prompts.

Note: the '-addext "subjectAltName = DNS:<valid name>"' must be included to allow the certificate to be subsequently imported into Chrome.

See here for full details of the openssl req command.

Once the files have been created - here 'devtest.crt' and 'devtest.key' - copy them to an appropriate directory, e.g. 

$ sudo mkdir /etc/apache2/ssl
$ sudo cp devtest.* /etc/apache2/ssl

Site Configuration File

Once the certificate has been created and the files are in your desired location, create / edit your site conf file and add in the SSLCertificateFile and SSLCertificateKeyFile entries to point to the files.

Ubuntu

VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName lianja.local
    ServerAlias 192.168.80.136
    DocumentRoot /opt/lianja/cloudserver/tenants/public/wwwroot/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/devtest.crt
    SSLCertificateKeyFile /etc/apache2/ssl/devtest.key
    <Directory /opt/lianja/cloudserver/tenants/public/wwwroot/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    <Location "/">
        Redirect permanent "/index.html" "/login.rsp"
    </Location>
</VirtualHost>

Note: the above virtual site configuration includes entries for the Directory to point to the Lianja wwwroot directory and a Redirect to load the Lianja login page if no page or the default index.html page is requested. See Apache Module for Linux for information on installing and configuring the module.

Chrome

...

You will now be able to access your https site from Chrome:

Chrome


Note: here the index page has been redirected to the Lianja login page. See the conf file above.

Retrieved from "https://www.lianja.com/doc/index.php?title=Creating_a_Self-Signed_Certificate_(Linux_Apache)&oldid=24265"