Change-certificates-used-by-apache

From BubbaWiki
Jump to: navigation, search

Change certificates used by apache
Author: tor

If you want to change the certificates used by apache, the ones pointed out in the with SSLCertificateFile and SSLCertificateKeyFile in the config files. You can do as follow.

openssl req -new -x509 -nodes -out my_cert.pem -keyout my_privkey.pem

And answer the questions, for example:

If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:SE
State or Province Name (full name) [Some-State]:My State
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:Web
Common Name (eg, YOUR name) []:app1.my.dyndns.com
Email Address []:info@app1.my.dyndns.com

This will generate the two files:

my_cert.pem - the certificate
my_privkey.pem - the private key used

Update your apache config entries SSLCertificateFile and SSLCertificateKeyFile to point to these new files or replace the old files. Then reload apache.

/etc/init.d/apache2 reload


An important note here. You can only have one certificate usable at a given time (Per IP number and port at least). So this must be the same as used in the main config, /etc/apache2/sites-available/bubba, if not bubbas original certificate will be used. If you want your certificate to be valid longer than 30 days use the -days <number of days> option:

openssl req -new -x509 -nodes -out my_cert.pem -keyout my_privkey.pem -days 1000