Creating a new ssl certificate

ramoncio

Joined
May 12, 2010
Messages
1,663
Likes
0
Points
0
#1
When I installed Elastix in two boxes I had problems accesing with firefox, because they both use the exact ssl certificate.
After googling I found how to create a new ssl certificate in Centos. Here is how I did it:

As root:
# cd ~
# openssl genrsa -des3 -out server.key 1024

At this point you asked to enter a password. Please make sure that you remember or TEMPORARILY write down the password because you will need it again.

Make a signing request:
# openssl req -new -key server.key -out server.csr

Self-sign it:
# openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt

Now we need to copy the files to the appropriate directory overwriting existing certificate when asked

# cp ~/server.key /etc/httpd/conf/ssl.key/
# cp ~/server.crt /etc/httpd/conf/ssl.crt/

And then remove the passphrase from your private key:
# cp /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.key/server.key.secure
# openssl rsa -in /etc/httpd/conf/ssl.key/server.key.secure -out /etc/httpd/conf/ssl.key/server.key

and now enter the private key password you wrote down @ the begining.

And now restart httpd with
# service httpd restart

That's it.
I hope it helps someone!!<br><br>Post edited by: ramoncio, at: 2007/05/19 11:46
 

dbbrito

Joined
Jul 22, 2007
Messages
12
Likes
0
Points
0
#2
I made all equal you spoke but still continue giving certified error of localhost.localdomain, you you can help me?
 

dbbrito

Joined
Jul 22, 2007
Messages
12
Likes
0
Points
0
#3
I also made all the process but I continue with error of certificate
 

jcardinal

Joined
Jul 13, 2009
Messages
35
Likes
0
Points
6
#4
I just ran into this same issue. A quick forum search didn't turn up a good solution. It looks like the main thing these instructions lack is confirmation of where Apache is looking for the .crt and .key files. You can confirm these locations in /etc/httpd/conf.d/ssl.conf under the names SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile, etc.

There is a very helpful tutorial for setting up a self-signed SSL certificate or a certificate authority and signed SSL certificate at http://www.tc.umn.edu/~brams006/selfsign.html. I believe http://www.vanemery.com/Linux/Apache/apache-SSL.html has the same information, but Step 4 also explains how to configure Apache to use your newly created certificate.

Hope that helps someone!
 

alexii77

Joined
Jul 12, 2012
Messages
1
Likes
0
Points
0
#5
cd ~
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt
cp ~/server.key /etc/pki/tls/private/localhost.key
cp ~/server.crt /etc/pki/tls/certs/localhost.crt
cp /etc/pki/tls/private/localhost.key /etc/pki/tls/private/localhost.key.secure
openssl rsa -in /etc/pki/tls/private/localhost.key.secure -out /etc/pki/tls/private/localhost.key
service httpd restart


on "Common Name" step enter you fqdn
 

JohnConnor

Joined
Oct 5, 2012
Messages
19
Likes
0
Points
0
#6
Commands given by alexii77 work perfectly B)
 

MareAlta

Joined
Feb 28, 2010
Messages
22
Likes
0
Points
0
#7
alexii77 said:
cd ~
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt
cp ~/server.key /etc/pki/tls/private/localhost.key
cp ~/server.crt /etc/pki/tls/certs/localhost.crt
cp /etc/pki/tls/private/localhost.key /etc/pki/tls/private/localhost.key.secure
openssl rsa -in /etc/pki/tls/private/localhost.key.secure -out /etc/pki/tls/private/localhost.key
service httpd restart


on "Common Name" step enter you fqdn
Hi. I've followed your steps. Didn't got any error. But Chrome is still not trusting on this certificate. Still have the warning.

Any sugestions?
Thanks
 

D3VIATION

Joined
Apr 22, 2013
Messages
14
Likes
0
Points
0
#8
This works. Thanks
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,902
Messages
130,886
Members
17,564
Latest member
Mai Tuyen
Top