Pricing Features Customers Help & Community

Transcription

Pricing Features Customers Help & Community
1 de 8
Pricing
Features
Customers
Help & Community
Sign Up Login
Help & Community
Articles & Tutorials
Questions
Chat
Blog
Try this tutorial
on an SSD cloud server.
Includes 512MB RAM, 20GB SSD Disk, and 1TB Transfer for $5/mo! Learn more.
Related Articles
CentOS
How to Setup and Configure an OpenVPN Server on CentOS 6
How To Set Up Apache Virtual Hosts on CentOS 6
How To Set Up vsftpd on CentOS 6
How To Add and Delete Users on Ubuntu 12.04 and CentOS 6
How To Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 6
Apache
How To Create a SSL Certificate on Apache for Ubuntu 12.04
How To Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 6
How To Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 6
How To Set Up Apache Virtual Hosts on Ubuntu 12.04 LTS
How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu
2 de 8
How To Create a SSL Certificate on Apache for CentOS 6
15
Tweet
3
submit
Share
Write an Article
About Self-Signed Certificates
A SSL certificate is a way to encrypt a site's information and create a more secure connection. Additionally, the certificate can show the
virtual private server's identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the virtual
server's details while a self-signed certificate has no 3rd party corroboration.
Step One—Install Mod SSL
In order to set up the self signed certificate, we first have to be sure that Apache and Mod SSL are installed on our VPS. You can install both
with one command:
yum install mod_ssl
Step Two—Create a New Directory
Next, we need to create a new directory where we will store the server key and certificate
mkdir /etc/httpd/ssl
Step Three—Create a Self Signed Certificate
When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days
we prefer. As it stands this certificate will expire after one year.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
With this command, we will be both creating the self-signed SSL certificate and the server key that protects it, and placing both of them into
the new directory.
This command will prompt terminal to display a lists of fields that need to be filled in.
The most important line is "Common Name". Enter your official domain name here or, if you don't have one yet, your site's IP address.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:[email protected]
Step Four—Set Up the Certificate
Now we have all of the required components of the finished certificate.The next thing to do is to set up the virtual hosts to display the new
certificate.
Open up the SSL config file:
3 de 8
vi /etc/httpd/conf.d/ssl.conf
Find the section that begins with <VirtualHost _default_:443> and make some quick changes.
Uncomment the DocumentRoot and ServerName line and replace example.com with your DNS approved domain name or server IP address
(it should be the same as the common name on the certificate):
ServerName example.com:443
Find the following three lines, and make sure that they match the extensions below:
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
Your virtual host is now all set up! Save and Exit out of the file.
Step Five—Restart Apache
You are done. Restarting the Apache server will reload it with all of your changes in place.
/etc/init.d/httpd restart
In your browser, type https://youraddress to view the new certificate.
By Etel Sverdlov
Try this tutorial on an SSD cloud server.
Includes 512MB RAM, 20GB SSD Disk, and 1TB Transfer for $5/mo! Learn more.
Comments
anthony
Simple and works perfect. Thanks.
Posted November 28th, 2012 19:01
Etel
Aw! Thank you for the kind words! :D
Posted November 28th, 2012 19:04
mark
We need to add one last command to allow this to work:
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
This opens port 443 to allow https:// to work.
4 de 8
Posted January 11th, 2013 16:54
Etel
Thanks for the suggestion, Mark. This is definitely true for users that have IP tables set up.
Posted January 11th, 2013 22:14
enrique
Good manual, need help...
Bad Request
Your browser sent a request that this server could not understand.
Reason: Youre speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Posted January 21st, 2013 15:12
Moisey
In your URL you arent using HTTPS which indicates that you want to connect to port 443, but instead your URL has HTTP.
So just update that and you should be good to go.
Posted January 21st, 2013 16:57
thom_l
Stopping httpd: [FAILED]
Starting httpd: [FAILED]
Posted March 3rd, 2013 22:12
David Levy
Thanks for that additional command mark. Works great.
Suggestion:
Why not expand the tutorial to include how to use trusted ssl keys?
Posted March 23rd, 2013 21:32
David Levy
To add to mark's command:
http://wiki.centos.org/HowTos/Https
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/service iptables save
5 de 8
Posted March 23rd, 2013 21:36
SaM5246
You have asked Firefox to connect
securely to 192.xxx.xxx.32, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.
So this is what everyone will see the first time they come across it?
Posted August 7th, 2013 18:15
Kamal Nasser
@SaM5246: It's because this is a self-signed cert. To get rid of this warning, you have to get your certificate signed by a CA such as
Comodo, Verisign, Thawte, Godaddy, etc.
Posted August 7th, 2013 19:10
Colin Foster
... or create your own CA certificate and install that into apache and your own browsers' trusted CA list. That gets rid of the warning screen
(and tests that the certificate installed OK - you'll see the green padlock beside the URL).
Posted August 15th, 2013 05:45
leo_ultra_leo
What about the "genkey" command for certificate generation? I know there is a bug regarding this issue (in RHEL6 and CentOS 6.4). I did
update the nss tool in CentOS and it now just works so great!
Posted September 20th, 2013 09:00
ruben.amaya
Etel, In case that I am not running iptables. How I can open the 443.?
I read this post and all comments, then went to my machine and give the commands
iptables --list
service iptables status
I don't get any information from iptables --list, and the service iptables status told me
that I am not running iptables.
But if I did the command (after installing nmap with yum install nmap )
nmap -v -r 127.0.0.1
That runs an autoscan it give me the following (This is only part of the output)
that I use to check which ports are open and which not.)
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
6 de 8
25/tcp open smtp
80/tcp open http
3306/tcp open mysql
10000/tcp open snet-sensor-mgmt
I noticed that when I installed Apache with yum, the port was opened, the same when I installed
the Mysql, but how this is possible if the iptables is not running.? Is there another method
to open the ports.?
And thank you for all the information in this post. Is being very usefull.
Posted October 19th, 2013 20:26
Kamal Nasser
@ruben.amaya: What's the output of iptables -L -v as root?
The iptables service might not be running but the iptables kernel module is always there.
Posted October 20th, 2013 08:16
masterjx12
how do you add multiple ssl's?
Posted October 22nd, 2013 17:51
Kamal Nasser
@masterjx12: See https://www.digitalocean.com/community/articles/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apacheon-ubuntu-12-04
I recommend reading through the article and then performing the steps yourself since the article is for Ubuntu and not CentOS.
Posted October 23rd, 2013 18:20
singh.baljinder1356
works great to me, thanx Etel,
can u plz suggest how to use already purchased CA certfied ssl in it
Posted October 27th, 2013 08:36
7 de 8
Create your account or sign-in
Company
Pricing
Comparison Chart
Features
Customers
About
FAQ
Press
Careers
API
Integrations
Network Status
Contact
Community
Articles & Tutorials
Get Paid to Write
Suggest an Article
Chat
Q&A
Blog
Referral Program
Events Calendar
Feedback
Badges & Logos
The Shop
Getting Started
One-Click Install Applications
What is Cloud Hosting?
Control Panel Overview
Deploy a Virtual Server
Set-Up SSH Keys
Install Git on Ubuntu
How to Install Ruby on Rails
How to Install LAMP Stack
Set-Up a Host Name
8 de 8
©2011-2013 DigitalOcean™, Inc. All Rights Reserved. Terms & Privacy. Security.