APACHE + CERTIFICATES


 

 

Important Notes for APACHE+SSL

               https = Works on port 443

               http = Works on port 80

 

SSL Module = mod_ssl.so

 

1) A certificate that we create and sign ourselves is called a “Self-Signed Certificate”.

 

2) “APACHE + SSL” works with “IP BASED HOSTING”.

 

3) A certificate issued by a proper authority is called a “CA [Certificate Authority] Certificate”. Some examples of such authorities are as follows:

               a) VERISIGN

               b) THAWTE and many more.

 

4) The CA keys are already stored in the browser.

 

5) In SSL, the exchange works like this:

               a) First, the “client” sends a blank request, i.e. “https://_____”

               b) Then the server sends the “Public Key” and “Certificate” of all VH to the client.

               c) Then the client sends the “URL” and “Headers” to the server.

               d) Then the session is established between “CLIENT” & “SERVER”.

This process is called “SSL Handshake”.

 

 

Types of Certificate?

1) Self Signed Certificate (Made by us.)

2) CA – DIGITAL CERTIFICATE

3) Wild Card Certificate [For Subdomain]

               e.g.:- *.xyz.com.crt

4) Bundled Certificate [For Multiple Host Certificate]

               bundled.crt

 

How to make CA Certificate?

 

<FROM OUR END>

1) Never send company information to CA Authority via MAIL.

      Always send via CSR [CERTIFICATE SIGNING REQUEST].

               a) # openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024

               Here,

                              file1:file2:file3:file4:file5 = Files read as extra seed data for the random number generator

                              1024 = Key size in bits

               b) # openssl req -new -key server.key -out server.csr

               Now send this CSR file to CA Authority.

 

<FROM CA Authority END>

1) # openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt

Here,

               -days 60 = Certificate valid for 60 days

 

EXAMPLE

Serve “first.com” over https://

<SERVER>

1) Go to configuration file and uncomment the following line.

               Include conf.d/*.conf

 

2) # /etc/init.d/httpd reload

 

3) # yum install mod_ssl

 

4) # cd /etc/httpd/conf

 

5) # openssl req -new -x509 -nodes -out viplavserver.crt -keyout viplavserver.key

     (These 2 files are created in the directory where the above command is run.)

 

6) Open the “ssl.conf” file and edit the following lines

     # vim /etc/httpd/conf.d/ssl.conf

               Listen 443

               LoadModule ssl_module modules/mod_ssl.so

              

               <Now, inside the VirtualHost container,>

               DocumentRoot /opt/viplav

               ServerName first.com:443

              

               SSLEngine On

               SSLCertificateFile /etc/httpd/conf/viplavserver.crt

               SSLCertificateKeyFile /etc/httpd/conf/viplavserver.key

:wq!

 

7) # /etc/init.d/httpd reload
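
A check to run before the reload, covering the certificate and key created in step 5 and named in ssl.conf. This is an added example, not part of the original notes; the function names and script name are hypothetical, and it assumes the `openssl` CLI and GNU `stat`.

```shell
#!/bin/sh
# Added example: pre-reload checks for the cert/key pair named in ssl.conf.
# Usage (script name is hypothetical):
#   sh check_pair.sh /etc/httpd/conf/viplavserver.crt /etc/httpd/conf/viplavserver.key

# Public key embedded in the certificate, as PEM.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from the private key. "-passin pass:" makes an
# encrypted key fail instead of prompting (step 5 used -nodes, so it is not).
key_pubkey() { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }

# True only if both files parse and carry the same public key.
pair_matches() {
    cp_cert=$(cert_pubkey "$1") && cp_key=$(key_pubkey "$2") &&
        [ -n "$cp_cert" ] && [ "$cp_cert" = "$cp_key" ]
}

# True if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True if subject == issuer. This is the case for step 5's "req -x509" output
# and for "x509 -req -signkey", which signs the CSR with the server's own key.
is_self_signed() {
    ss_sub=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    ss_iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$ss_sub" ] && [ "$ss_sub" = "$ss_iss" ]
}

# True if group and other have no permissions on the key (GNU stat assumed).
key_is_private() {
    kp_mode=$(stat -c %a "$1" 2>/dev/null) || return 2
    case "$kp_mode" in *00) return 0 ;; *) return 1 ;; esac
}

check_pair() {
    rc=0
    pair_matches "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    key_is_private "$2" || { echo "FAIL: private key is accessible to group/other"; rc=1; }
    cert_valid_for_days "$1" 30 || echo "WARN: certificate expires within 30 days"
    if is_self_signed "$1"; then echo "NOTE: self-signed, browsers will warn"; fi
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

A non-zero exit status means the pair should not be deployed as it stands; the WARN and NOTE lines are informational only.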

 

 

<CLIENT>

1) Open browser and access the website with “https”

https://first.com

 

 

 
