Original Post : https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-apache-for-centos-7

Setup SSL (Secure Sockets Layer)

การติดตั้ง SSL ให้กับ Apache Web Server

เมื่อทำการติดตั้ง Apache Web Server เรียบร้อยแล้วให้เราทำการ ติดตั้ง mod_ssl โดยใช้คำสั่ง

$ sudo yum install mod_ssl

เมื่อทำการติดตั้งแล้ว mod_ssl จะเปิดใช้งานอัตโนมัติ

สร้างโฟล์เดอร์สำหรับเก็บ Private Key และกำหนดสิทธิการเข้าถึงไฟล์

$ sudo mkdir /etc/ssl/private
$ sudo chmod 700 /etc/ssl/private

สร้าง SSL Key และใบ Certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

Before we go over that, let's take a look at what is happening in the command we are issuing:

  • openssl

: This is the basic command line tool for creating and managing OpenSSL certificates, keys, and other files.

  • req -x509 : This specifies that we want to use X.509 certificate signing request (CSR) management. The "X.509" is a public key infrastructure standard that SSL and TLS adhere to for key and certificate management.
  • -nodes : This tells OpenSSL to skip the option to secure our certificate with a passphrase. We need Apache to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening, since we would have to enter it after every restart.
  • -days 365 : This option sets the length of time that the certificate will be considered valid. We set it for one year here.
  • -newkey rsa:2048 : This specifies that we want to generate a new certificate and a new key at the same time. We did not create the key that is required to sign the certificate in a previous step, so we need to create it along with the certificate. The rsa:2048 portion tells it to make an RSA key that is 2048 bits long.
  • -keyout : This line tells OpenSSL where to place the generated private key file that we are creating.
  • -out : This tells OpenSSL where to place the certificate that we are creating.

Country Name (2 letter code) [XX]:TH

State or Province Name (full name) []:Chiang Rai

Locality Name (eg, city) [Default City]:Meang

Organization Name (eg, company) [Default Company Ltd]:Mae Fah Luang University

Organizational Unit Name (eg, section) []:Information Management Unit

Common Name (eg, your name or your server's hostname) []:localhost

Email Address []:[email protected]

results matching ""

    No results matching ""