Method for signing a certificate

zhaozj2021-02-11  181

Although installing mod_ssl already creates a certificate through the make certificate command, sometimes you may need to replace it.

Of course, there are many scripts that automate this, but the most reliable way is to sign the certificate manually.

First of all, I assume that OpenSSL and mod_ssl have been installed. If OpenSSL is installed in /usr/local/openssl, add /usr/local/openssl/bin to the executable search path. The mod_ssl source tree also contains a script named sign.sh, in the pkg.contrib directory. Copy it into /usr/local/openssl/bin.

First create a CA certificate. Start by creating an RSA private key for the CA:

[S-1] openssl genrsa -des3 -out ca.key 1024

The system prompts you to enter a PEM pass phrase, which is the password protecting the key; remember it after entering it. This generates a ca.key file. Change the file permissions to 400 and keep the file in a safe place:

[S-2] chmod 400 ca.key

You can use the following command to view its content:

[S-3] openssl rsa -noout -text -in ca.key

Create a self-signed CA certificate (X.509 structure) from the CA key:

[S-4] openssl req -new -x509 -key ca.key -out ca.crt

You then need to enter the following information:

Country Name: CN (two-letter country code)
State or Province Name: An Hui (province name)
Locality Name: Bengbu (city name)
Organization Name: Family Network (company name)
Organizational Unit Name: Home (department name)
Common Name: Chen Yang (your name)
Email Address: sunstorm@263.net (email address)

This generates a ca.crt file. Change the file permissions to 400 and keep the file in a safe place:

[S-5] chmod 400 ca.crt

You can use the following command to view its content:

[S-6] openssl x509 -noout -text -in ca.crt

Next, create a server certificate signing request. First create an RSA private key for your Apache server:

[S-7] openssl genrsa -des3 -out server.key 1024

Here, too, you must set a pass phrase. This generates a server.key file. Change the file permissions to 400 and keep the file in a safe place:

[S-8] chmod 400 server.key

You can use the following command to view its content:

[S-9] openssl rsa -noout -text -in server.key

Use server.key to generate a certificate signing request (CSR):

[S-10] openssl req -new -key server.key -out server.csr

Here, too, you need to enter some information, similar to the content in [S-4]. The 'extra' attributes do not need to be filled in.

You can view the details of the CSR:

[S-11] openssl req -noout -text -in server.csr

Now you can sign the certificate. This requires sign.sh:

[S-12] sign.sh server.csr

This produces server.crt. Change the file permissions to 400 and keep the file in a safe place:

[S-13] chmod 400 server.crt

Delete the CSR:

[S-14] rm server.csr

Final Apache settings

If Apache was compiled with the prefix /usr/local/apache, copy server.crt and server.key to /usr/local/apache/conf, then edit httpd.conf and change the following parameters to:

SSLCertificateFile /usr/local/apache/conf/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/server.key
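
A check worth running before Apache is pointed at the new files, as an added example that is not part of the original article: it confirms that server.crt verifies against ca.crt and that server.key belongs to server.crt. The function names, the directory layout and the subject names are assumptions; the demo helper builds constructed test data with unencrypted 2048-bit keys and calls openssl x509 -req as a stand-in for sign.sh.

```shell
#!/bin/sh
# Added example: checks to run on server.crt before pointing Apache at it.

# True when private key $1 and certificate $2 hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when certificate $2 verifies against CA certificate $1.
cert_signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway CA and server certificate in directory $1.
# Constructed test data: unencrypted 2048-bit keys, made-up subject names.
# The final "openssl x509 -req" call is a stand-in for sign.sh.
make_demo_pki() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -config "$d/ca.cnf" -key "$d/ca.key" \
        -out "$d/ca.crt" &&
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null &&
    openssl req -new -config "$d/ca.cnf" -subj "/CN=www.example.test" \
        -key "$d/server.key" -out "$d/server.csr" &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -days 30 \
        -out "$d/server.crt" 2>/dev/null &&
    chmod 400 "$d/ca.key" "$d/server.key"
}

# Usage: sh check.sh ca.crt server.key server.crt
if [ "$#" -eq 3 ]; then
    cert_signed_by "$1" "$3" && key_matches_cert "$2" "$3" &&
        echo "server.crt chains to ca.crt and matches server.key"
fi
```

With a pass-phrase-protected server.key, as created in [S-7], openssl pkey prompts for the pass phrase before the comparison runs.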

The above code from: the source code database (SourceDataBase) Current Version: 1.0.392 Author: Shawls profile: Http://Shawls.Yeah.Net E-Mail: ShawFile@163.Net QQ: 9181729

When reposting, please cite the original address: https://www.9cbs.com/read-4840.html
