SSL Private/Public Key-Pair Setup for Apache 2.0

DeveloperSide.NET Articles

For a web-server to be able to accept 'https://' requests, a private/public key-pair (for Apache2 w/ mod_ssl) needs to be generated and stored in the proper location(s).

Note: Before proceeding - the location of executable 'openssl.exe' must be in the PATH. Also, make sure that 'openssl.exe' can find its configuration file 'openssl.cnf'.

To create a self-signed private/public 1024 bit key-pair that will be valid for 365 days...

Open the command line, and change to the directory that contains 'openssl.exe'...

> cd /d C:\www\openssl\bin

Creates a certificate signing request (server.csr) and private key (privkey.pem).


> openssl req -new -out server.csr

Removes pass-phrase from private key (privkey.pem), creating server.key.

> openssl rsa -in privkey.pem -out server.key

Creates a self-signed certificate, server.crt (public key, also known as the 'Certificate').

> openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

Create the default location of public key file server.crt, as specified under ssl.conf.

> mkdir C:\www\Apache2\conf\ssl.crt

Create the default location of private key server.key, as specified under ssl.conf.

> mkdir C:\www\Apache2\conf\ssl.key

Move public and private keys to the proper location.

> move server.crt C:\www\Apache2\conf\ssl.crt
> move server.key C:\www\Apache2\conf\ssl.key

Delete file '.rnd' which contains entropy information and could be used to re-create keys.

> del .rnd

Keep server.csr if you plan on self-signing more keys and you want the authority to match up exactly; otherwise, delete it along with privkey.pem, the original pass-phrase-protected private key.

> del privkey.pem
> del server.csr
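
To check the result of the steps above before starting Apache, the following batch script (an added example, not part of the original article) confirms that server.crt and server.key are a matching pair and that the key loads without a pass-phrase. It assumes the article's default paths and that 'openssl.exe' is in the PATH.

```batch
@echo off
rem Added example (not from the original article): confirm that server.crt and
rem server.key form a matching pair and that the key loads without a pass-phrase.
rem Paths follow the article's layout; adjust them if ssl.conf points elsewhere.
setlocal
set "CRT=C:\www\Apache2\conf\ssl.crt\server.crt"
set "KEY=C:\www\Apache2\conf\ssl.key\server.key"
set "CRTMOD="
set "KEYMOD="

rem RSA modulus embedded in the certificate's public key.
for /f "delims=" %%A in ('openssl x509 -noout -modulus -in "%CRT%" 2^>nul') do set "CRTMOD=%%A"

rem RSA modulus of the private key. "-passin pass:" supplies an empty pass-phrase,
rem so a key that is still encrypted fails here instead of prompting.
for /f "delims=" %%A in ('openssl rsa -noout -modulus -passin pass: -in "%KEY%" 2^>nul') do set "KEYMOD=%%A"

if not defined CRTMOD (
  echo ERROR: could not read %CRT%
  exit /b 1
)
if not defined KEYMOD (
  echo ERROR: could not read %KEY% ^(missing, or still pass-phrase protected^)
  exit /b 1
)
if not "%CRTMOD%"=="%KEYMOD%" (
  echo ERROR: certificate and private key do not match
  exit /b 1
)

echo OK: certificate and key match
rem Show the subject and validity window so the 365-day expiry is visible.
openssl x509 -noout -subject -dates -in "%CRT%"
endlocal
```

A non-zero exit code means Apache with mod_ssl would fail to load the pair or would stop at start-up to ask for a pass-phrase.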