22.2.06

 

Creating a self-signed SSL Certificate for Apache 2.2

This link describes how to create a self-signed certificate, e.g. for Apache:
http://www.tc.umn.edu/~brams006/selfsign.html

With Apache 2.2 you can include the file conf/extra/httpd-ssl.conf from your httpd.conf:

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf


In that file you have to set a few parameters:

-Make httpd listen on port 443 (the default HTTPS port):

Listen 443

-Paths to the private key and the certificate:

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile path_to_apache/apache2/conf/server.key

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile path_to_apache/apache2/conf/server.crt


The browser and the server negotiate the cipher suite, and with it the symmetric key length, from the list given in SSLCipherSuite. A cipher with a 256-bit key may be chosen, which costs somewhat more CPU per connection, although the difference between a 128-bit and a 256-bit symmetric cipher is small compared with the RSA handshake. To have a 128-bit cipher preferred where the client supports it, add or replace the following line (RC4+RSA, i.e. 128-bit RC4 with RSA key exchange, is listed first; the entries prefixed with + are only moved behind it in the preference order):

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite !ADH:!EXPORT56:!EXPORT40:RC4+RSA:+3DES:+MEDIUM:+HIGH:!LOW:+SSLv2:+EXP


!LOW, for example, removes the low-strength ciphers (56- and 64-bit keys) from the list for good. Note the difference between the prefixes: ! permanently excludes the matching ciphers, whereas + only moves them to the end of the preference list and leaves them enabled. So +SSLv2 still offers the SSLv2 ciphers to clients that ask for them (which protocol versions are spoken at all is controlled by SSLProtocol), and +EXP adds nothing here because !EXPORT40 and !EXPORT56 have already removed the 40- and 56-bit export ciphers; write !SSLv2 instead of +SSLv2 if those ciphers are not wanted.
See http://httpd.apache.org/docs/2.0/mod/mod_ssl.html for a full explanation.

Don't forget to seed the SSL library's pseudo random number generator from /dev/urandom, so that httpd does not block waiting for entropy:

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512


After that, restart Apache. If the private key is encrypted, httpd will prompt for the pass phrase at every start (and on every kill -HUP, see above).
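The certificate creation that the linked page describes, plus a check of what the SSLCipherSuite string above really enables, as an added shell example; it is not part of this post or of the linked page. It assumes OpenSSL 1.1.1 or later on the PATH (for -addext and x509 -ext), uses www.example.com as a placeholder host name and writes into a temporary directory instead of path_to_apache/apache2/conf; copy server.key and server.crt to the paths named by SSLCertificateKeyFile and SSLCertificateFile when done.

```shell
#!/bin/sh
# Added example: create a key and self-signed certificate for mod_ssl and
# check the result. Host name and output directory are placeholders.

# Generate a 2048-bit RSA key and a certificate signed with it, valid one year.
# -nodes leaves the key unencrypted: an encrypted key makes httpd prompt for the
# pass phrase at every start and on every kill -HUP (see httpd-ssl.conf above).
# -addext puts the host name into subjectAltName, which browsers require today.
make_selfsigned() {
    dir="$1"; host="$2"
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || return 1
    chmod 600 "$dir/server.key"   # the key is the whole secret: owner-only
}

# A certificate is self-signed when issuer equals subject and it verifies
# against itself as the only trust anchor.
is_selfsigned() {
    crt="$1"
    subj=$(openssl x509 -in "$crt" -noout -subject) || return 1
    iss=$(openssl x509 -in "$crt" -noout -issuer) || return 1
    [ "${subj#subject=}" = "${iss#issuer=}" ] &&
        openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1
}

# SSLCertificateKeyFile and SSLCertificateFile must belong together, or httpd
# refuses to start: compare the public key inside the cert with the private key.
key_matches_cert() {
    crt="$1"; key="$2"
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256) || return 1
    from_crt=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Expand an SSLCipherSuite string with the local OpenSSL: mod_ssl hands the
# string to OpenSSL unchanged, so this is the list httpd would offer, in
# preference order. Tags OpenSSL does not know are silently ignored, so a
# string from 2006 (SSLv2, EXPORT) still parses on a current library.
expand_suite() {
    openssl ciphers -v "$1"
}

# The suite from the post and a stricter one for comparison (plain strings).
PAGE_SUITE='!ADH:!EXPORT56:!EXPORT40:RC4+RSA:+3DES:+MEDIUM:+HIGH:!LOW:+SSLv2:+EXP'
STRICT_SUITE='HIGH:!aNULL:!MD5:!RC4:!3DES'

# Demo run with placeholder values
demo() {
    dir=$(mktemp -d)
    make_selfsigned "$dir" www.example.com || { echo "openssl failed" >&2; return 1; }
    openssl x509 -in "$dir/server.crt" -noout -subject -issuer -dates
    is_selfsigned "$dir/server.crt" && echo "self-signed: yes"
    key_matches_cert "$dir/server.crt" "$dir/server.key" && echo "key matches cert: yes"
    echo "ciphers offered by the post's SSLCipherSuite:"
    expand_suite "$PAGE_SUITE" | awk '{print "  " $1, $2, $5}'
    echo "ciphers offered by $STRICT_SUITE:"
    expand_suite "$STRICT_SUITE" | awk '{print "  " $1, $2, $5}'
    rm -rf "$dir"
}

demo
```

On a current OpenSSL build the RC4 and export ciphers are compiled out, so the expansion of the post's string shows fewer entries than it did in 2006; compare it with the stricter string to see what each tag keeps or drops before putting a suite into httpd-ssl.conf.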

Comments:
Thanks for sharing the link. There is a lot of support out there for various servers but it's nice to find a good resource when you're trying to Create SSL Certificate.