Enable SSL/TLS + self signed certificate for http server
Self signed key + cert
- Generate key + certificate (the validity is 365 days in our example):
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout NAME.key -out NAME.crt
The command will prompt for answers to a few questions.
- Copy key/cert to appropriate directory (e.g. /etc/ssl or /etc/apache2/ssl or /etc/nginx/ssl, ...)
- Adjust key's permissions and owner:
chown root: NAME.key
chmod 400 NAME.key
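A check to run before pointing Apache or nginx at the files, added here as an example (not part of the original page): it confirms that the key matches the certificate, that the key has the mode 400 set above, and that the certificate is not about to expire. The function name check_tls_pair and the 30-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. NAME.key / NAME.crt are the
# page's placeholders; the 30-day default threshold is an assumption.
# Usage: check_tls_pair NAME.key NAME.crt [MIN_DAYS]
check_tls_pair() {
    key=$1; cert=$2; min_days=${3:-30}; rc=0

    # 1. The private key and the certificate must carry the same public key;
    #    a mismatched pair makes the server fail to load the certificate.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $key does not match $cert (or a file is unreadable)"
        rc=1
    fi

    # 2. The key must be mode 400: owner read-only, nothing for group/other.
    #    Characters 2-10 of `ls -ld` output are the permission bits.
    mode=$(ls -ld "$key" 2>/dev/null | cut -c2-10)
    if [ "$mode" != "r--------" ]; then
        echo "FAIL: $key has permissions '${mode:-missing}', expected r--------"
        rc=1
    fi

    # 3. Ownership is only reported, so the check also works on a test box
    #    where the files were created by a non-root user.
    owner=$(ls -ld "$key" 2>/dev/null | awk '{print $3}')
    [ "$owner" = "root" ] || echo "WARN: $key is owned by '$owner', not root"

    # 4. -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days (or is unreadable)"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: key/cert pair passes all checks"
    fi
    return "$rc"
}
```
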
Apache httpd server
- be sure you have installed and enabled Apache's SSL/TLS module.
- in the appropriate virtual host's config add
SSLEngine on
SSLCertificateFile DIRECTORY/NAME.crt
SSLCertificateKeyFile DIRECTORY/NAME.key
- don't forget to restart the httpd server
- longer config example
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        # Enable TLS for this virtual host and point it at the self-signed pair
        SSLEngine on
        SSLCertificateFile DIRECTORY/NAME.crt
        SSLCertificateKeyFile DIRECTORY/NAME.key
        # Export the SSL_* environment variables to scripts only
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>
Nginx httpd server
- be sure you have installed and enabled nginx's SSL/TLS module.
- in the appropriate server block's config add
# the "ssl" parameter of listen replaces the obsolete "ssl on;" directive
listen 443 ssl;
ssl_certificate DIRECTORY/NAME.crt;
ssl_certificate_key DIRECTORY/NAME.key;
- don't forget to restart the httpd server
- longer config example
server {
    # the "ssl" parameter of listen replaces the obsolete "ssl on;" directive
    listen 443 ssl;
    access_log /var/log/nginx/ssl-access.log;
    error_log /var/log/nginx/ssl-error.log;
    index index.html;
    root /usr/share/nginx/html;
    server_name SERVERNAME;
    ssl_certificate DIRECTORY/NAME.crt;
    ssl_certificate_key DIRECTORY/NAME.key;
    ssl_session_timeout 5m;
    # Optional tuning (disabled). Before enabling, remove the obsolete SSLv3
    # protocol and the LOW, SSLv2 and EXP cipher entries.
    #ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    #ssl_prefer_server_ciphers on;
}