Apache and OpenSSL (Debian, FreeBSD)

Posted on Thu 15 June 2006 by Pavlo Khmel

Secure data transferring via Web
OS:
Debian GNU/Linux 3.1 r0a "Sarge"
FreeBSD 5.4-RC1-i386

Packages:
OpenSSL
apache+mod_ssl

Create SSL certificates

$ openssl genrsa -des3 -out ca.key 1024
$ ls ca.key
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Country Name (2 letter code) [AU]: NO
State or Province Name (full name) [Some-State]: Trondheim
Locality Name (eg, city) []: Trondheim
Organization Name (eg, company) [Internet Widgits Pty Ltd]: khmel.org
Organization Unit Name (eg, section) []: khmel.org
Common Name (eg, YOUR name) []: khmel.org
Email Address []: test@khmel.org
ls ca.crt
mkdir /etc/ssl_keys/
chmod 0600 /etc/ssl_keys/
cp ca.key /etc/ssl_keys/ca.key
cp ca.crt /etc/ssl_keys/ca.crt

Apache

cd /etc/apache2/mods-available/
cp ssl.conf /etc/apache2/mods-enabled/ssl.conf
cp ssl.load /etc/apache2/mods-enabled/ssl.load

Add to the end of file ssl.conf

NameVirtualHost 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
SSLEngine on
SSLCertificateFile /etc/ssl_keys/ca.crt
SSLCertificateKeyFile /etc/ssl_keys/ca.key
ServerName 192.168.1.1
DocumentRoot /var/www/
</VirtualHost>

Add to file /etc/apache2/ports.conf

Listen 443

Auto password

cd /etc/ssl_keys/
cp ca.key ca.key.org
openssl rsa -in ca.key.org -out ca.key
chmod 400 ca.key