You’re going to use OpenSSL again to create the certificate and then copy the certificate to /etc/ssl where Apache can find them.
Debian apache server tutorial password#
You want to leave the challenge password blank, otherwise you’ll need to enter this every time you restart Apache. Please enter the following 'extra' attributes Organizational Unit Name (eg, section) : Org Unit (if you have one)Ĭommon Name (eg, YOUR name) : First and Last Name Organization Name (eg, company) : Enter Company Name Locality Name (eg, city) : Enter City Here State or Province Name (full name) : Enter State Here
Debian apache server tutorial code#
If you enter '.', the field will be left blank.Ĭountry Name (2 letter code) : Enter Code Here
There are quite a few fields but you can leave some blankįor some fields there will be a default value, What you are about to enter is what is called a Distinguished Name or a DN. You are about to be asked to enter information that will be incorporated Now, you’re going to walk through a set of questions: Once you do this, you’ll be prompted for a passphrase - you’re going to want to remember the passphrase. Now it’s time to generate the CSR, and fill out the questions you’d normally have verified by a Certificate Signing Authority: Let’s start with making sure that SSL is enabled by using the a2enmod utility to enable the SSL module: Modify the VirtualHosts to use the certificate. Generate a certificate signing request (CSR).Ĭopy the certificate and keys we’ve generated. The post on Ubuntu Forums, and Ubuntu Server Guide were useful and got me most of the way there. So let’s get started.īelieve it or not, I don’t generate certs every day, so I had to troll around for some instructions of my own. And I’m not a fan of spending money (and wasting time) when it’s not necessary. So don’t place that responsibility on your users - buy a cert.īut there are thousands upon thousands of sites that need SSL, and don’t need a paid certificate. Aside from the fact that it looks unprofessional, it’s also a real risk - in a large organization, do you assume that all users will know the difference between a legitimate key generated by your IT department, and keys generated by a malicious third party? No, you do not. But if you don’t have a cert from a trusted third party, users will get the nasty “this is an untrusted site” warning. This knocks out CaCert, unfortunately, because their root certificate is not distributed with the major browsers. The reason? You should want to give users a cert that is signed by a third party that’s recognized by major browsers. If you’re doing support for a larger organization, or if you’re going to have people outside the organization connecting - spring for a paid certificate. That is, if you’re working with a small business and have two or three road warriors who have to connect to Webmail and such over SSL, a self-signed cert is probably acceptable. Bad idea.īut I wouldn’t use a self-signed cert for any site that will be handling traffic from people outside an organization or for a “mission critical” type of application. If I’m in a coffee-shop or airport, I really don’t want to be sending my credentials over the network without encryption. I use a self-signed certificate because I want to connect to my server securely when managing my blog using WordPress. Why am I giving a guide for self-signed certs? Self-signed certificates should really only be used in a few situations - but a lot of users fit the profile for using a self-signed certificate but fail to create one and work over plain HTTP instead. Generate the request, work with the CA to get the certificate, and then follow the installation and configuration steps. Note that you can pretty much follow along with the tutorial for getting and installing a certificate via a Certificate Authority (CA), but omit the steps for generating your own self-signed cert. This tutorial assumes you’re going to do a self-signed certificate. It’s easy and takes very little time to configure. In just under 20 minutes, you can create a self-signed certificate for Apache to connect to your Web site for passing any kind of sensitive information. If Firesheep and other menaces have you freaked out about using unsecured connections, it’s time to take matters into your own hands.
0 kommentar(er)
