Note: A self-signed certificate will encrypt communication between your server and any clients. However, because it is not signed by any of the trusted certificate authorities included with web browsers and operating systems, users cannot use the certificate to validate the identity of your server automatically. As a result, your users will see a security error when visiting your site.

Because of this limitation, self-signed certificates are not appropriate for a production environment serving the public. They are typically used for testing, or for securing non-critical services used by a single user or a small group of users that can establish trust in the certificate’s validity through alternate communication channels.

For a more production-ready certificate solution, check out Let’s Encrypt, a free certificate authority. You can learn how to download and configure a Let’s Encrypt certificate in our How To Secure Apache with Let’s Encrypt on Ubuntu 20.04 tutorial.

Prerequisites

Before starting this tutorial, you’ll need the following:

Access to an Ubuntu 20.04 server with a non-root, sudo-enabled user. Our Initial Server Setup with Ubuntu 20.04 guide can show you how to create this account.

You will also need to have Apache installed. First, update the local package index to reflect the latest upstream changes:

And finally, if you have a ufw firewall set up, open up the http and https ports:

After these steps are complete, be sure you are logged in as your non-root user and continue with the tutorial.

Step 1 - Enabling mod_ssl

Before we can use any SSL certificates, we first have to enable mod_ssl, an Apache module that provides support for SSL encryption.

The mod_ssl module is now enabled and ready for use.

Now that Apache is ready to use encryption, we can move on to generating a new SSL certificate. The certificate will store some basic information about your site, and will be accompanied by a key file that allows the server to securely handle encrypted data.

We can create the SSL key and certificate files with the openssl command:

```
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
```

After you enter the command, you will be taken to a prompt where you can enter information about your website. Before we go over that, let’s take a look at what is happening in the command we are issuing:

- `openssl`: This is the command line tool for creating and managing OpenSSL certificates, keys, and other files.
- `req -x509`: This specifies that we want to use X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL and TLS adhere to for key and certificate management.
- `-nodes`: This tells OpenSSL to skip the option to secure our certificate with a passphrase. We need Apache to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening, since we would have to enter it after every restart.
- `-days 365`: This option sets the length of time that the certificate will be considered valid. Many modern browsers will reject any certificates that are valid for longer than one year.
- `-newkey rsa:2048`: This specifies that we want to generate a new certificate and a new key at the same time. We did not create the key that is required to sign the certificate in a previous step, so we need to create it along with the certificate. The `rsa:2048` portion tells it to make an RSA key that is 2048 bits long.
- `-keyout`: This line tells OpenSSL where to place the generated private key file that we are creating.
- `-out`: This tells OpenSSL where to place the certificate that we are creating.

Fill out the prompts appropriately. The most important line is the one that requests the Common Name.
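One way to confirm that a pair produced by the `openssl req` command on this page has the properties its flags are meant to give it; this is an added example, not part of the original tutorial. The function names, the `-subj` value, the temporary demo files and the key-permission check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the tutorial. The CN and temp paths are constructed.

# Create a throwaway pair like the tutorial's command, but non-interactively
# (-subj answers the prompts) and inside directory $1.
make_demo_pair() {  # usage: make_demo_pair DIR DAYS
  openssl req -x509 -nodes -days "$2" -newkey rsa:2048 \
    -subj "/CN=demo.example.test" \
    -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null &&
  chmod 600 "$1/demo.key"
}

# Print each failed check; return 0 only if every check passes.
audit_selfsigned() {  # usage: audit_selfsigned KEY CRT [MAX_DAYS]
  a_key=$1; a_crt=$2; a_max=${3:-365}; a_rc=0
  # 1. The private key must belong to the certificate's public key.
  a_cpub=$(openssl x509 -in "$a_crt" -noout -pubkey | openssl sha256)
  a_kpub=$(openssl pkey -in "$a_key" -pubout 2>/dev/null | openssl sha256)
  [ "$a_cpub" = "$a_kpub" ] || { echo "FAIL: key/cert mismatch"; a_rc=1; }
  # 2. Self-signed means subject and issuer are the same name.
  a_sub=$(openssl x509 -in "$a_crt" -noout -subject); a_sub=${a_sub#subject=}
  a_iss=$(openssl x509 -in "$a_crt" -noout -issuer);  a_iss=${a_iss#issuer=}
  [ "$a_sub" = "$a_iss" ] || { echo "FAIL: not self-signed"; a_rc=1; }
  # 3. RSA key of at least 2048 bits (the rsa:2048 part of the command).
  a_bits=$(openssl x509 -in "$a_crt" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${a_bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${a_bits:-?} bits"; a_rc=1; }
  # 4. Not expired, and expiring within MAX_DAYS (+1 day of slack) from now.
  openssl x509 -in "$a_crt" -noout -checkend 0 >/dev/null ||
    { echo "FAIL: certificate expired"; a_rc=1; }
  if openssl x509 -in "$a_crt" -noout -checkend $(( (a_max + 1) * 86400 )) >/dev/null
  then echo "FAIL: valid for more than $a_max days"; a_rc=1; fi
  # 5. -nodes leaves the key file unencrypted, so file permissions are its
  #    only protection: require no group/other access bits.
  [ "$(ls -ld "$a_key" | cut -c5-10)" = "------" ] ||
    { echo "FAIL: key accessible by group/other"; a_rc=1; }
  return $a_rc
}

# Demo on a constructed pair; on the server, pass the tutorial's paths (with sudo).
demo_dir=$(mktemp -d) && make_demo_pair "$demo_dir" 365 &&
  audit_selfsigned "$demo_dir/demo.key" "$demo_dir/demo.crt" && echo "all checks passed"
rm -rf "$demo_dir"
```

The lifetime check measures time remaining from now, so it matches `-days` only for a freshly issued certificate.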