Tuesday 26 September 2017

Setup SSL self signed on certificate on linux mint/ubuntu(to get https in url)

In the web world, it is quite vital to secure your website from malicious attacks. The SSL(Secure Socket Layer)  is used to secure the data transmitted over the internet between your computer and the destination servers.

This could be the password you used to log into Facebook or your credit card information when you are purchasing something online, basically any important information you wouldn’t want others to know.

With an SSL certificate, any information that is transmitted becomes encrypted by inserting random characters into the original message making it unread.

If a website is secure, you will find the https or a lock symbol in the url. Mostly, you can find the https connection on e-commerce and banking websites.

You may install a self signed SSL certificate or purchase it online from SSL service providers like McAfee, comodo etc. However, the certificate from SSL provider is recommended to be secure than self signed.

Let's see how to configure SSL on our host with self signed certificated.

Open the terminal and use the following commands:

Step 1:

$ mkdir -p /etc/apache2/SSL

Step 2:

$ cd /etc/apache2/SSL

Step 3:

a) Generate self signed key with pass phrase

$ openssl genrsa -des3 -out self-signed.key 2048  #create a certificate with a passphrase

Output :
 
Generating RSA private key, 2048 bit long modulus

e is 65537 (0x10001)
Enter pass phrase for self-signed.key:
Verifying - Enter pass phrase for self-signed.key:

b) a) Generate self signed key without pass phrase

$ openssl genrsa -out self-signed.key 2048 #Create certificate without a passphrase

Output :

Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)

4. Generate CSR(certificate sign request)A

$ openssl req -new -key self-signed.key -out self-signed.csr<br />

Output:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields, there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Telangana
Locality Name (eg, city) []:Hyderabad
Organization Name (eg, company) [Internet Widgits Pty Ltd]:learnindetail
Organizational Unit Name (eg, section) []:technical
Common Name (e.g. server FQDN or YOUR name) []:www.learnindetail.blogsport.com
Email Address []:test@learnindetail@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: Enter
An optional company name []: Enter


5. Generate self signed certificate

$ openssl x509 -req -days 365 -in self-signed.csr -signkey self-signed.key -out self-signed.crt

Output :

Signature ok
subject=/C=IN/ST=Telangana/L=Hyderabad/O=ebhasha setu/OU=ebhashasetu/CN=sravan/emailAddress=your emailid
Getting Private key

6. Configure Self-Signed with Apache

a)enable ssl using command

$ a2enmod ssl

b) edit config file in

/etc/apache2/sites-available/default-ssl.conf

(back up this file prior to editing)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
<VirtualHost *:443>


    ServerAdmin localhost

    ServerName localhost

    DocumentRoot /var/www/html


ErrorLog ${APACHE_LOG_DIR}/error.log

    CustomLog ${APACHE_LOG_DIR}/access.log combined

#SSL Configuration

    SSLEngine on

    SSLCertificateKeyFile /etc/apache2/SSL/self-signed.key

    SSLCertificateFile /etc/apache2/SSL/self-signed.crt

    <Directory /var/www/html>

        Options  -Indexes -FollowSymLinks

        AllowOverride All

        Require all granted

    </Directory>

</VirtualHost>

Add/edit these lines to file and save it.

7. run command

$ apache2ctl -t

8. restart apache

$ sudo service apache2 restart

9. now access your localhost with https connection.

https://learnindetail.blogspot.com/

If you are purchasing an SSL certificate from SSL service providers, you may follow the same instructions till step 4 and they'll provide you with .crt file along with the instructions to install it. You may follow those instructions to install the SSL from service provider.

No comments:

Post a Comment