Enable https for your apache-httpd-hosted website with a self-signed certificate

Leave a Comment / DevOps / September 10, 2019

Generate a self-signed https certificate

Java’s KeyTool is kind of heavy due to its “keystore” concept. I prefer openssl:

openssl req -x509 -nodes -newkey rsa:2048 -keyout cjx_private.key -out cjx_cert.pem -days 36500
#"-nodes" means no password to access the certificate file
# You will be prompted set up your information. This one is important:
Common Name (e.g. server FQDN or YOUR name) []:*.foo.com   ## Let it be availabe to all sub domains under foo.com 

#After generation you can have a check: 
openssl x509 -in cjx_cert.pem -text

Now you’ve got two files:
1. cjx_private.key — the private key file
2. cjx_cert.pem — the certificate file

Install it on Apache

Install mod_ssl first

yum install mod_ssl

edit httpd.conf

NameVirtualHost *:443 
...

    ....
    SSLEngine on
    SSLCertificateFile  /somepath/cjx_cert.pem
    SSLCertificateKeyFile /somepath/cjx_private.key

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.