SSL Private/Public Key-Pair Setup for Apache 2.0
For a web-server to be able to accept 'https://' requests, a private/public key-pair (for Apache2 w/ mod_ssl) needs to be generated and stored in the proper location(s).
Note: Before proceeding - the location of executable 'openssl.exe' must be in the PATH. Also, make sure that 'openssl.exe' can find its configuration file 'openssl.cnf'.
To create a self-signed private/public 1024 bit key-pair that will be valid for 365 days...
Open the command line, and change to the directory that contains 'openssl.exe'...
> cd /d C:\www\openssl\bin
Creates a certificate signing request (server.csr) and private key (privkey.pem).
- 'common name' is the exact name of your website (example: www.yourdomain.com).
- If openssl.cnf is not fully configured, you will be asked several questions.
- While not required, openssl.cnf can be edited to contain the proper information; values that are present there will not be asked for.
> openssl req -new -out server.csr
Removes pass-phrase from private key (privkey.pem), creating server.key.
> openssl rsa -in privkey.pem -out server.key
Creates a self-signed certificate, server.crt (public key, also known as the 'Certificate').
> openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
Create the default location of public key file server.crt, as specified under ssl.conf.
> mkdir C:\www\Apache2\conf\ssl.crt
Create the default location of private key server.key, as specified under ssl.conf.
> mkdir C:\www\Apache2\conf\ssl.key
Move public and private keys to the proper location.
> move server.crt C:\www\Apache2\conf\ssl.crt
> move server.key C:\www\Apache2\conf\ssl.key
Delete the file '.rnd', which contains entropy information and could be used to re-create keys.
> del .rnd
Keep server.csr if you plan on self-signing more keys and you want the authority to match up exactly. Otherwise, delete it along with the old pass-phrase-protected private key (privkey.pem).
> del privkey.pem
> del server.csr
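A post-setup check for the files created above, as an added example that is not part of the original page: it confirms that server.crt and server.key belong together, shows the key size and validity period, and tightens the file permissions on the pass-phrase-less server.key. It assumes the paths used on this page, that 'icacls' is available on the system, and that Apache runs as the SYSTEM account (grant read access to a different service account if yours differs).

```batch
@echo off
rem Added example: verify the certificate/key pair installed by the steps above.
rem Assumes the paths from this page and that openssl.exe is in the PATH.
setlocal
set CRT=C:\www\Apache2\conf\ssl.crt\server.crt
set KEY=C:\www\Apache2\conf\ssl.key\server.key

rem 1. The certificate and the private key must share the same RSA modulus.
rem    (The modulus is public information, so temporary files are acceptable.)
openssl x509 -noout -modulus -in "%CRT%" > "%TEMP%\crt.mod"
openssl rsa  -noout -modulus -in "%KEY%" > "%TEMP%\key.mod"
fc "%TEMP%\crt.mod" "%TEMP%\key.mod" > nul
if errorlevel 1 (
    echo MISMATCH: server.crt does not belong to server.key
    del "%TEMP%\crt.mod" "%TEMP%\key.mod"
    exit /b 1
)
del "%TEMP%\crt.mod" "%TEMP%\key.mod"
echo OK: certificate and private key match

rem 2. Show the key size, the subject (common name) and the validity period.
openssl rsa -noout -text -in "%KEY%" | findstr /c:"Private-Key"
openssl x509 -noout -subject -dates -in "%CRT%"

rem 3. server.key has no pass-phrase, so anyone who can read the file can
rem    impersonate the server. Drop inherited permissions and allow only
rem    SYSTEM and Administrators, then print the resulting ACL.
icacls "%KEY%" /inheritance:r /grant:r "SYSTEM:F" "Administrators:F"
icacls "%KEY%"
endlocal
```

On a non-English Windows installation the group names in step 3 are localized and must be adjusted.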