Creating a new ssl certificate

Discussion in 'General' started by ramoncio, May 19, 2007.

  1. ramoncio

    Joined:
    May 12, 2010
    Messages:
    1,663
    Likes Received:
    0
    When I installed Elastix on two boxes I had problems accessing them with Firefox, because they both use the exact same SSL certificate.
    After googling I found how to create a new SSL certificate in CentOS. Here is how I did it:

    As root:
    # cd ~
    # openssl genrsa -des3 -out server.key 1024

    At this point you are asked to enter a password. Please make sure that you remember or TEMPORARILY write down the password because you will need it again.

    Make a signing request:
    # openssl req -new -key server.key -out server.csr

    Self-sign it:
    # openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt

    Now we need to copy the files to the appropriate directory, overwriting the existing certificate when asked:

    # cp ~/server.key /etc/httpd/conf/ssl.key/
    # cp ~/server.crt /etc/httpd/conf/ssl.crt/

    And then remove the passphrase from your private key:
    # cp /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.key/server.key.secure
    # openssl rsa -in /etc/httpd/conf/ssl.key/server.key.secure -out /etc/httpd/conf/ssl.key/server.key

    and now enter the private key password you wrote down at the beginning.

    And now restart httpd with
    # service httpd restart

    That's it.
    I hope it helps someone!!

    Post edited by: ramoncio, at: 2007/05/19 11:46
     
  2. dbbrito

    Joined:
    Jul 22, 2007
    Messages:
    12
    Likes Received:
    0
    I did everything just as you said, but it still keeps giving a certificate error for localhost.localdomain. Can you help me?
     
  3. dbbrito

    Joined:
    Jul 22, 2007
    Messages:
    12
    Likes Received:
    0
    I also went through the whole process, but I still get the certificate error.
     
  4. jcardinal

    Joined:
    Jul 13, 2009
    Messages:
    35
    Likes Received:
    0
    I just ran into this same issue. A quick forum search didn't turn up a good solution. It looks like the main thing these instructions lack is confirmation of where Apache is looking for the .crt and .key files. You can confirm these locations in /etc/httpd/conf.d/ssl.conf under the names SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile, etc.

    There is a very helpful tutorial for setting up a self-signed SSL certificate or a certificate authority and signed SSL certificate at http://www.tc.umn.edu/~brams006/selfsign.html. I believe http://www.vanemery.com/Linux/Apache/apache-SSL.html has the same information, but Step 4 also explains how to configure Apache to use your newly created certificate.

    Hope that helps someone!
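
The check jcardinal describes (which files `/etc/httpd/conf.d/ssl.conf` actually points at), as an added example that is not part of any post in this thread. The function names are hypothetical, and a single virtual host with an RSA certificate is assumed.

```shell
#!/usr/bin/env bash
# Added example: check which certificate and key Apache mod_ssl is told to load.

# Print "Directive path" for each active certificate directive in an ssl.conf.
# Commented-out lines are skipped because $1 then starts with "#".
ssl_conf_paths() {
    awk 'tolower($1) ~ /^ssl(ca)?certificate(key|chain)?file$/ {
             gsub(/"/, "", $2); print $1, $2
         }' "${1:-/etc/httpd/conf.d/ssl.conf}"
}

# Succeed only if the certificate's public key is the public half of the key file.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Print the certificate's public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Audit the first certificate/key pair named in the config (one vhost, RSA assumed).
audit_ssl_conf() {
    local conf="${1:-/etc/httpd/conf.d/ssl.conf}" cert key bits
    ssl_conf_paths "$conf"
    cert=$(ssl_conf_paths "$conf" | awk 'tolower($1) == "sslcertificatefile" { print $2; exit }')
    key=$(ssl_conf_paths "$conf" | awk 'tolower($1) == "sslcertificatekeyfile" { print $2; exit }')
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "no active SSLCertificateFile/SSLCertificateKeyFile in $conf" >&2; return 1
    fi
    # Subject shows the Common Name actually served (e.g. a leftover default).
    openssl x509 -in "$cert" -noout -subject -enddate
    bits=$(cert_key_bits "$cert")
    [ "${bits:-0}" -ge 2048 ] || echo "WARN: ${bits:-unknown}-bit key is below 2048 bits" >&2
    if cert_matches_key "$cert" "$key"; then
        echo "OK: $cert matches $key"
    else
        echo "MISMATCH: $cert does not belong to $key" >&2; return 1
    fi
}
```

Source the file and run `audit_ssl_conf` as root; the printed paths and subject show whether Apache is loading the certificate you just generated.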
     
  5. alexii77

    Joined:
    Jul 12, 2012
    Messages:
    1
    Likes Received:
    0
    cd ~
    openssl genrsa -des3 -out server.key 1024
    openssl req -new -key server.key -out server.csr
    openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt
    cp ~/server.key /etc/pki/tls/private/localhost.key
    cp ~/server.crt /etc/pki/tls/certs/localhost.crt
    cp /etc/pki/tls/private/localhost.key /etc/pki/tls/private/localhost.key.secure
    openssl rsa -in /etc/pki/tls/private/localhost.key.secure -out /etc/pki/tls/private/localhost.key
    service httpd restart


    At the "Common Name" step, enter your FQDN.
     
  6. JohnConnor

    Joined:
    Oct 5, 2012
    Messages:
    19
    Likes Received:
    0
    Commands given by alexii77 work perfectly B)
     
  7. MareAlta

    Joined:
    Feb 28, 2010
    Messages:
    22
    Likes Received:
    0
    Hi. I've followed your steps. Didn't get any errors. But Chrome is still not trusting this certificate. I still have the warning.

    Any suggestions?
    Thanks
     
  8. D3VIATION

    Joined:
    Apr 22, 2013
    Messages:
    14
    Likes Received:
    0
    This works. Thanks
     
