SSL Certificate Creation
From Antiflux Wiki
(Difference between revisions)
| (4 intermediate revisions not shown.) | |||
| Line 2: | Line 2: | ||
<ol> | <ol> | ||
<li><code>openssl genrsa -out /etc/ssl/private/hostname.key 1024</code></li> | <li><code>openssl genrsa -out /etc/ssl/private/hostname.key 1024</code></li> | ||
| - | <li><code>openssl req -new -key /etc/ssl/private/ | + | <li><code>openssl req -new -key /etc/ssl/private/hostname.key -out /etc/ssl/antiflux/hostname.csr</code></li> |
| - | <li><code>cd /etc/ssl/ | + | <li><code>cd /etc/ssl/antiflux</code></li> |
<li><code>make sign</code></li> | <li><code>make sign</code></li> | ||
<li><code>mv hostname.cert /etc/ssl/certs/hostname.crt</code></li> | <li><code>mv hostname.cert /etc/ssl/certs/hostname.crt</code></li> | ||
| Line 9: | Line 9: | ||
Note: "make sign" will delete the CSR, so make a copy ahead of time if you're going to want it later. | Note: "make sign" will delete the CSR, so make a copy ahead of time if you're going to want it later. | ||
| + | |||
| + | Stop and start any services using the certificate. Apache doesn't seem to load the new cert if it's simply restarted - you have to actually stop and start it. | ||
| + | <ol> | ||
| + | <li><code>apachectl stop</code></li> | ||
| + | <li><code>apachectl start</code></li> | ||
| + | </ol> | ||
| + | |||
| + | [[Category:Admin]] | ||
Current revision
To generate a certificate for "hostname" signed with our CA key:
openssl genrsa -out /etc/ssl/private/hostname.key 1024openssl req -new -key /etc/ssl/private/hostname.key -out /etc/ssl/antiflux/hostname.csrcd /etc/ssl/antifluxmake signmv hostname.cert /etc/ssl/certs/hostname.crt
Note: "make sign" will delete the CSR, so make a copy ahead of time if you're going to want it later.
Stop and start any services using the certificate. Apache doesn't seem to load the new cert if it's simply restarted - you have to actually stop and start it.
apachectl stopapachectl start
