Edit /etc/httpd.conf:
ext_addr="*"
server "default" {
listen on $ext_addr port 80
listen on $ext_addr tls port 443
root "/htdocs"
tls {
certificate "/etc/ssl/server.crt"
key "/etc/ssl/private/server.key"
}
}
Then generate your own key and certificate...
# openssl genrsa -out /etc/ssl/private/server.key
listen on $ext_addr port 80
listen on $ext_addr tls port 443
root "/htdocs"
tls {
certificate "/etc/ssl/server.crt"
key "/etc/ssl/private/server.key"
}
}
Then generate your own key and certificate...
# openssl genrsa -out /etc/ssl/private/server.key
Generating RSA private key, 2048 bit long modulus.......+++.........+++e is 65537 (0x10001)
# openssl req -new -x509 -key /etc/ssl/private/server.key -out /etc/ssl/server.crt -days 3650
You are about to be asked to enter information that will be incorporated
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:198.18.18.198
Email Address []:
Finally, reload httpd..
# /etc/rc.d/httpd -f restart
httpd(ok)
httpd(ok)
Naturally, your certificate won't be trusted because it was self-signed. You can also generate a certificate signing request and send it off to your certificate authority, at which point (once you pay), they'll return a cert. But, you get the idea!
No comments:
Post a Comment