Configuring CA and Apache with SSL

Configuring CA and Apache with SSL

In this tutorial, I am Configuring Certificate Authority (CA) and then I have HTTPD Apache Web Server, I will generate Certificate Signing Request (CSR) from Apache Web Server and then send this CSR to CA server for Signing, and use that signing certificate for Apache Web Server.

So I am having Two Machine in my LAB Environment. one is using for CA Server and second using for Apache web server. = MY CA Server
client-1.ashu.con = MY Apache Web Server

Step -1: Configuring Certificate Authority (CA) Server.
# yum install openssl

# vim /etc/pki/tls/openssl.cnf

[ CA_default ]

dir                 = /etc/pki/CA
certs              = $dir/certs
crl_dir           = $dir/crl
database        = $dir/index.txt
certificate      = $dir/ca.crt
serial             = $dir/serial 
crlnumber     = $dir/crlnumber
private_key   = $dir/private/ca.key

[ req_distinguished_name ]

countryName_default                  = IN
stateOrProvinceName_default     = Delhi
localityName_default         = New Delhi
0.organizationName_default        = ashu, Inc.
organizationalUnitName_default  = Training

:wq (save and exit)

Step 2: Create requied files and directory, if not exists.

# cd /etc/pki/CA/
# ls -d certs crl newcerts private
# touch /etc/pki/CA/index.txt
# echo 01 > /etc/pki/CA/serial

Step 3: Now Generate the CA Server Key for CA server to Sign Certificates.

# openssl genrsa -des3 -out /etc/pki/CA/private/ca.key 2048
Enter pass phrase for /etc/pki/CA/private/ca.key: 123456
Verifying - Enter pass phrase for /etc/pki/CA/private/ca.key: 123456

Step 4: Now Generate the CA Server Certificate and Sign it using your CA server key. 

# openssl req -new -x509 -key /etc/pki/CA/private/ca.key -days 365 -out ca.crt

Enter pass phrase for /etc/pki/CA/private/ca.key: 123456

Country Name (2 letter code) [IN]:
State or Province Name (full name) [Delhi]:
Locality Name (eg, city) [New Delhi]:
Organization Name (eg, company) [ashu, Inc.]:
Organizational Unit Name (eg, section) [Training]:
Common Name (eg, your name or your server's hostname)[]
Email Address []:

Step 5: Now Go to Apache Web Server Machine and Generate the Apache Server Key first.

# openssl genrsa -out 1024

Step 6: Now Generate CSR Certificate and sign it using your Apache Server key.

# openssl req -new -key -out

Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Delhi
Locality Name (eg, city) [Default City]:New Delhi
Organization Name (eg, company) [Default Company Ltd]:ashu, Inc.
Organizational Unit Name (eg, section) []:Training
Common Name (eg, your name or your server's hostname) []
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

NOTE: You have to fill up the above information according to your CA Server Certificate, otherwise CA Server will not sign your certificate. if you want to sign this CSR from CA any how, you have to use "policy_anything" policy on CA Server to sign that.

Step 7: Now Send this CSR Certificate to CA Server using scp command or another way. 
#scp /root/

Step 8: Now Go to the CA Server Machine and Sign this CSR using the following command: 

#openssl ca -in -out

NOTE: By default CA Server use policy "policy_match" to sign CSR certificate. if you have any problem or your certificate information is not correct according to your CA Server, use the "policy_anything" to sign this certificate, use the following command:

#openssl ca -policy policy_anything -in -out

Step 9: Now send back this signed certificate " to Apache Web Server Machine using scp command or other way:
#scp /root/ client-1.ashucom:/root/

Step 10: Now copy this signed certificate and key file in the following locations:

# cp /etc/pki/tls/private/

# cp /etc/pki/tls/certs/

Step 11: Now Configure Apache Web Server to use the above key and signed certificate: 

# vim /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/

SSLCertificateKeyFile /etc/pki/tls/private/

:wq (save and exit )

Step 12: Now Create a index.html into /var/www/html/ directory and start httpd service.

# echo "Hello, Welcome to Apache SSL Web Site" >> /var/www/html/index.html
# service httpd restart
# chkconfig httpd on

NOTE: To use SSL Certificate on Apache Web Server, you must have "mod_ssl" package installed on your machine first.

Step 13: Now Open your Web Browser and access your web site as the following: 


Watch video please Click Here

Posted by-

Click Back..                                Click Home..