Difference between revisions of "Change-certificates-used-by-apache"

From BubbaWiki
Jump to navigation Jump to search
(Created page with 'Change certificates used by apache<br>Author: tor<br><br>If you want to change the certificates used by apache, the ones pointed out in the with SSLCertificateFile and SSLCertifi...')
 
 
Line 1: Line 1:
Change certificates used by apache<br>Author: tor<br><br>If you want to change the certificates used by apache, the ones pointed out in the with SSLCertificateFile and SSLCertificateKeyFile in the config files. You can do as follow.
Change certificates used by apache<br>Author: tor<br><br>If you want to change the certificates used by apache, the ones pointed out in the with SSLCertificateFile and SSLCertificateKeyFile in the config files. You can do as follow.  
<pre>openssl req -new -x509 -nodes -out my_cert.pem -keyout my_privkey.pem</pre>
<pre>openssl req -new -x509 -nodes -out my_cert.pem -keyout my_privkey.pem</pre>  
 
And answer the questions, for example:<br>  
 
And answer the questions, as belo<br>
<pre>If you enter '.', the field will be left blank.
<pre>If you enter '.', the field will be left blank.
-----
-----
Line 12: Line 10:
Organizational Unit Name (eg, section) []:Web
Organizational Unit Name (eg, section) []:Web
Common Name (eg, YOUR name) []:app1.my.dyndns.com
Common Name (eg, YOUR name) []:app1.my.dyndns.com
Email Address []:info@app1.my.dyndns.com</pre>
Email Address []:info@app1.my.dyndns.com</pre>  
This will generate the two files:
This will generate the two files:  
<pre>my_cert.pem - the certificate
<pre>my_cert.pem - the certificate
my_privkey.pem - the private key used</pre>
my_privkey.pem - the private key used</pre>  
Update your apache config entries SSLCertificateFile and SSLCertificateKeyFile to point to these new files or replace the old files. Then reload apache.
Update your apache config entries SSLCertificateFile and SSLCertificateKeyFile to point to these new files or replace the old files. Then reload apache.  
<pre>/etc/init.d/apache2 reload</pre>
<pre>/etc/init.d/apache2 reload</pre>  
 
<br> An important note here. You can only have one certificate usable at a given time (Per IP number and port at least). So this must be the same as used in the main config, /etc/apache2/sites-available/bubba, if not bubbas original certificate will be used. If you want your certificate to be valid longer than 30 days use the -days &lt;number of days&gt; option:<br>  
 
An important note here. You can only have one certificate usable at a given time (Per IP number and port at least). So this must be the same as used in the main config, /etc/apache2/sites-available/bubba, if not bubbas original certificate will be used. If you want your certificate to be valid longer than 30 days use the -days &lt;number of days&gt; option:<br>
<pre>openssl req -new -x509 -nodes -out my_cert.pem -keyout my_privkey.pem -days 1000
<pre>openssl req -new -x509 -nodes -out my_cert.pem -keyout my_privkey.pem -days 1000
</pre>
</pre>

Latest revision as of 11:04, 7 October 2010

Change certificates used by apache
Author: tor

If you want to change the certificates used by apache, the ones pointed out in the with SSLCertificateFile and SSLCertificateKeyFile in the config files. You can do as follow.

openssl req -new -x509 -nodes -out my_cert.pem -keyout my_privkey.pem

And answer the questions, for example:

If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:SE
State or Province Name (full name) [Some-State]:My State
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:Web
Common Name (eg, YOUR name) []:app1.my.dyndns.com
Email Address []:info@app1.my.dyndns.com

This will generate the two files:

my_cert.pem - the certificate
my_privkey.pem - the private key used

Update your apache config entries SSLCertificateFile and SSLCertificateKeyFile to point to these new files or replace the old files. Then reload apache.

/etc/init.d/apache2 reload


An important note here. You can only have one certificate usable at a given time (Per IP number and port at least). So this must be the same as used in the main config, /etc/apache2/sites-available/bubba, if not bubbas original certificate will be used. If you want your certificate to be valid longer than 30 days use the -days <number of days> option:

openssl req -new -x509 -nodes -out my_cert.pem -keyout my_privkey.pem -days 1000