Quick and Dirty Self Signed Apache Certificate

We’ve all done it, we’ve used our servers and use self signed certificates for simple protections, but have you ever wondered how do I UPDATE my certificates? Well, after scubbing around I found these simple things which can be used to generate the certificate. I hope this helps anyone looking for the same info I was!

Valid for CentOS 5

SSH to your sever, sudo to become root and issue the following commands:

Generate the private key

openssl genrsa -out ca.key 1024

Generate the SR file

openssl req -new -key ca.key -out ca.csr

Generate the Self Signed Key. Make sure you set the hostname properly, it helps.

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Copy the files to the correct locations

cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

fix the SELinux contexts

restorecon -RvF /etc/pki

Edit /etc/httpd/conf.d/ssl.conf for these items

ServerName
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

finally restart apache!

service httpd restart