In this tutorial today, we are going to learn about how we can create self-signed certificate in Apache server on Linux machine. First, before starting the activity you need to make sure that all below mentioned pre-requisites are already installed on Linux system. I’ve used RedHat Enterprise Linux 7 vm (virtual machine) for this purpose.
Pre-Requisites: -
- Make sure openssl package is installed (It is important for creating the certificate)
- Make sure mod_ssl is installed (It is important for running your website on https so after creating certificate you need to install that certificate on system so it’s better to install it early.)
If above packages are not installed on your system already, please install them before further proceedings with the help of below command.
yum install mod_ssl openssl
yum install mod_ssl openssl
Procedure: -
Below are the steps to create certificate.
-
Go to the following path.
cd /etc/pki/tls/certs
-
If this path doesn’t exist or directory not created at this path, please create with the help of following command.
mkdir -p /etc/pki/tls/certs
-
Finally, to create the self-signed certificate use below mentioned command.
openssl req -x509 -nodes -newkey rsa:2048 -keyout demosite.com.key -out demosite.com.crt
After giving this command on terminal system will ask a series of questions (like mentioned below) for which you need to set/input the value.
Country Name (2 letter code) [XX]: PK
State or Province Name (full name) []: Islamabad
Locality Name (e.g., city) [Default City]: Islamabad
Organization Name (e.g., company) [Default Company Ltd]: DemoCompany
Organizational Unit Name (e.g., section) []: DemoWebsite
Common Name (e.g., your name or your server's hostname) []: www.demosite.com
Email Address []: admin@demosite.com
After completion system will create 1 key file i.e. demosite.com.key and 1 certificate file i.e. demosite.com.crt in this path i.e. /etc/pki/tls/certs
You can create self-signed certificate for IP as well as domain i.e. instead of demosite.com you can mention the IP address of the system.
No comments:
Post a Comment
Please do not enter spam links.