
Ubuntu SSL 2048 Byte


Ubuntu SSL 2048-bit Key

Creating an SSL Certificate


When SSL is used with Apache via the mod_ssl module, the server relies on an RSA key pair, which
has two components: a private key, which is kept secure on the server, and a public key, which is
placed in the certificate and is thus used by clients when they connect to the server. The resulting
encryption lets users communicate securely with the server.
New standards require a 2048-bit key instead of the older 1024-bit key.

An official SSL Certificate is required in order to satisfy browsers and customers on a web site.

A Certificate Signing Request (CSR) must be created that contains the public key of the web site
that will be installed in the certificate. The CSR also identifies the owner of the web site, and this is
the information that you see when you view a certificate:

Country – State – Company – Organizational Unit – Domain – Email of Administrator

The CSR must be sent to a Certifying Authority (CA), which will then convert the request into a real
certificate that carries the signature of the signing authority and can be placed on the server. In this
process the signing authority verifies that the company is who it says it is on the certificate.

Process of Setting Up Certificate


OpenSSL should be installed on the server, as it will be used to create the keys. Create an RSA
private key for the server:

sudo openssl genrsa -des3 -out server.key 2048


You must now use a 2048-bit key, as the requirements are stronger and will be completely
in place by 2011. Here is an example of the requirement from GoDaddy.com; they are not the
standard, but they are certainly very popular.
Enter pass phrase for server.key:

Verifying - Enter pass phrase for server.key:

It is important to create a backup of both the key and the password, or you may have to do the
process all over again.

sudo openssl rsa -noout -text -in server.key


Enter pass phrase for server.key:

- - - cut - - -

Create a Certificate Signing Request with the server’s RSA private key:
sudo openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:

You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Montana
Locality Name (eg, city) [Newbury]:Trout Creek
Organization Name (eg, company) [My Company Ltd]:My Company
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:example.com
Email Address []:mike@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Mu75Rdes43
An optional company name []:

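The following command signs the request with the server's own key, producing a self-signed
server.crt that is valid for 365 days:

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Send the request (server.csr) to a Certifying Authority.
Once the certificate is signed by the CA and returned to you, the details may be viewed with this
command: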

sudo openssl x509 -noout -text -in server.crt


At this point you should have five files in total for SSL:

example.com.crt

gd_bundle.crt

server.crt (this is replaced by the domain name.crt from the CA)

server.csr

server.key

You will use three of those files, so copy them to the proper locations, which these Apache directives reference:

SSLCertificateFile /etc/ssl/certs/example.com.crt

SSLCertificateKeyFile /etc/ssl/private/server.key

SSLCACertificateFile /etc/apache2/ssl.crt/gd_bundle.crt

Now modify the configuration for your domain in /etc/apache2/sites-enabled. Make sure SSLEngine is
set to on.

<IfModule mod_ssl.c>
<VirtualHost 192.168.3.45:443>
ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCACertificateFile /etc/apache2/ssl.crt/gd_bundle.crt
</VirtualHost>
</IfModule>

Now restart Apache and be ready to enter the SSL pass phrase you created. This pass phrase will
be needed whenever you restart the server.
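
Before restarting Apache with the CA-issued certificate, it helps to confirm that the key, the CSR and the certificate all carry the same RSA public key and that the key is at least 2048 bits. The script below is an added example, not part of the original page; the function names (modulus, key_bits, check_bundle) and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that the private key,
# the CSR and the certificate belong together before installing them.
# Function names are this example's own.

# modulus KIND FILE [PASSIN] -> RSA modulus in hex; empty output on any error.
# PASSIN uses openssl's -passin syntax. Prefer env:VAR or file:PATH over
# pass:..., which exposes the pass phrase in the process list.
modulus() {
    case "$1" in
        key) openssl rsa  -noout -modulus -in "$2" -passin "${3:-pass:}" ;;
        csr) openssl req  -noout -modulus -in "$2" ;;
        crt) openssl x509 -noout -modulus -in "$2" ;;
    esac 2>/dev/null | sed 's/^Modulus=//'
}

# key_bits KEY [PASSIN] -> key size in bits (4 bits per hex digit of modulus).
key_bits() {
    m=$(modulus key "$1" "$2")
    echo $(( ${#m} * 4 ))
}

# check_bundle KEY CSR CRT [PASSIN] [MIN_BITS] -> 0 only if everything matches.
check_bundle() {
    min=${5:-2048}
    k=$(modulus key "$1" "$4")
    r=$(modulus csr "$2")
    c=$(modulus crt "$3")
    [ -n "$k" ] || { echo "cannot read key $1 (wrong pass phrase?)" >&2; return 1; }
    bits=$(( ${#k} * 4 ))
    [ "$bits" -ge "$min" ] || { echo "key is $bits bits, need $min" >&2; return 1; }
    [ "$k" = "$r" ] || { echo "CSR $2 was not created from $1" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "certificate $3 does not match $1" >&2; return 1; }
    echo "OK: $1, $2 and $3 share one $bits-bit RSA key"
}

# Example: PASS=... sh check_bundle.sh server.key server.csr example.com.crt env:PASS
if [ "$#" -ge 3 ]; then
    check_bundle "$@"
fi
```

A mismatch here usually means the CA's certificate was issued for a different CSR, or that server.key was regenerated after the request was sent.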
