Enable SSL/TLS + self signed certificate for http server
Jump to navigation
Jump to search
Self signed key + cert
- Generagete key + certificate (the validity is 365 days in our example):
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout NAME.key -out NAME.crt
The command will ask for some answers on few questions.
- Copy key/cert to appropriate directory (e.g. /etc/ssl or /etc/apache2/ssl or /etc/nginx/ssl, ...)
- Adjust key's permissions and owner:
chown root: NAME.key chmod 400 NAME.key
Apache httpd server
- be sure you have installed and enabled apache's SSL/TLS module.
- in appropriate virtual's config add
SSLEngine on SSLCertificateFile DIRECTORY/NAME.cert SSLCertificateKeyFile DIRECTORY/NAME.key
- don't forget to restart httpd server
- longer config example
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile DIRECTORY/NAME.cert
SSLCertificateKeyFile DIRECTORY/NAME.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
Nginx httpd server
- be sure you have installed and enabled nginx's SSL/TLS module.
- in appropriate server's cfg add
ssl on; ssl_certificate DIRECTORY/NAME.cert; ssl_certificate_key DIRECTORY/NAME.key;
- don't forget to restart httpd server
- longer config example
server {
listen 443;
access_log /var/log/nginx/ssl-access.log;
error_log /var/log/nginx/ssl-error.log;
index index.html;
root /usr/share/nginx/html;
server_name SERVERNAME;
ssl on;
ssl_certificate DIRECTORY/NAME.cert;
ssl_certificate_key DIRECTORY/NAME.key;
ssl_session_timeout 5m;
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#ssl_prefer_server_ciphers on;
}