SSL Guide


  1. This is a relatively simple guide to creating SSL certificates on a Linux-based system.
  2. This guide is tested on OpenSSL 0.9.7a and ClarkConnect 3.0 Home (Red Hat).
  3. Commands shown in a black box must be executed in the terminal (shell) window.
  4. Text shown in the dashed boxes must be entered into the file mentioned in the instructions.



OpenSSL is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Using self-signed certificates provides a level of assurance when visitors are directed to HTTPS sites.


  1. As root user type:

    • openssl req -new > server.csr
      

    This should return the following or similar:

      Enter and verify a PEM passphrase (password):
      Enter 2-letter country code:
      Enter county/state/province:
      Enter locality/city:
      Enter organisation name (company):
      Enter unit name (department):
      

      NOTE: if your address is https://www.exampledomain.com then enter www.exampledomain.com for the common name.

       
      Enter a common name 
      Enter admin email address
      Enter other optional extras
      Challenge password
      Optional company name
      
  2. Now type the following and enter your previous PEM passphrase when requested:

    • openssl rsa -in privkey.pem -out server.key
      
  3. Type the following to create the certificates:

    • openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
      
  4. The resulting files should now exist in your current working directory. These are a server.crt and server.key file as shown below:

    SSL Certificate File: server.crt

    SSL Certificate Key File: server.key

  5. Now copy the server.crt file into the appropriate directories:

    • cp server.crt /etc/httpd/conf/ssl.crt/
      cp server.crt /usr/webconfig/conf/ 
      
  6. Now copy the server.key file into the appropriate directories:

    • cp server.key /etc/httpd/conf/ssl.key/
      cp server.key /usr/webconfig/conf/ 
      
  7. Edit the following file as shown:

    • nano /etc/httpd/conf/httpd.conf
      

    Add the following and replace www.example.com with the 'common name' used previously:

      ServerName www.example.com
      ServerAdmin admin@example.com
      
  8. Restart httpd and webconfig services:

    • service httpd restart
      service webconfig restart
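
A check worth running after step 3 and before copying the files in steps 5 and 6, given as an added example that is not part of the original guide: it confirms that server.crt was issued for server.key, that the certificate is self-signed and unexpired, and that the passphrase-free key from step 2 is not readable by other users. The function name check_tls_pair is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check server.crt / server.key from steps 1-3.
# check_tls_pair is a hypothetical helper name, not an OpenSSL or ClarkConnect command.
# Usage: check_tls_pair server.crt server.key

check_tls_pair() {
    crt=$1 key=$2 rc=0

    # The key from step 2 has no passphrase; an empty -passin makes openssl
    # fail instead of prompting if the key is still encrypted.
    key_mod=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null) || {
        echo "FAIL: $key is unreadable or still passphrase-protected"; return 1; }
    crt_mod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null) || {
        echo "FAIL: $crt is not a readable certificate"; return 1; }

    # Same RSA modulus means the certificate was issued for this private key.
    [ "$key_mod" = "$crt_mod" ] || { echo "FAIL: certificate and key do not match"; rc=1; }

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; rc=1; }

    # Self-signed: subject and issuer are identical.
    subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^[^=]*=//')
    issr=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^[^=]*=//')
    [ "$subj" = "$issr" ] || { echo "FAIL: issuer differs from subject"; rc=1; }

    # An unencrypted key must not be readable by group or others (mode 600 or 400).
    case $(ls -ld "$key") in
        ????------*) ;;
        *) echo "FAIL: $key is accessible to group/others; run chmod 600"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $crt matches $key"
    return "$rc"
}
```

The same permission check applies to the copies of server.key made in step 6, since cp creates them with the default umask.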
      



Self-signed certificates are not automatically trusted by a web browser, and first-time visitors will have to accept the certificate initially. Henceforth, any new certificates issued by the same entity will automatically be trusted.