apache self signed cert

Nelson Loyola edited this page Feb 26, 2019 · 2 revisions

Self Signed Certificate

These instructions show how to create a self-signed certificate for the Apache web server fronting the Biobank Tomcat server. The certificate allows the Biobank client to log into the server using the DNS name and the IP address.

  1. In a shell, create a new directory to hold the certificate and change into it:

    cd /etc/apache2
    mkdir ssl
    cd ssl
  2. Create a file named apache.cnf with the following content, but replace __YOUR_IP_ADDRESS_HERE___ with the IP address for the server:

    [req]
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    
    [req_distinguished_name]
    countryName = Country Name (2 letter code)
    countryName_default = CA
    localityName = Locality Name (eg, city)
    organizationalUnitName = Organizational Unit Name (eg, section)
    commonName = Common Name (eg, YOUR name)
    commonName_max = 64
    emailAddress = Email Address
    emailAddress_max = 40
    
    [v3_req]
    keyUsage = keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    
    [alt_names]
    IP.1 = __YOUR_IP_ADDRESS_HERE___
    
  3. Create a private key:

    openssl genrsa -out apache.key 2048
  4. Create the certificate signing request:

    openssl req -new -key apache.key -out apache.csr -config apache.cnf
  5. Sign the certificate signing request, and generate the certificate:

    openssl x509 -req -days 3650 -in apache.csr -signkey apache.key -out apache.crt -extensions v3_req -extfile apache.cnf
  6. Edit the file /etc/apache2/sites-available/default-ssl and change the following lines:

    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
    

You can now restart the Apache web server with the command:

    service apache2 restart
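
Added example (not part of the original wiki page): a POSIX shell check for the files produced in steps 3 to 5. It confirms that the certificate carries the IP subjectAltName and serverAuth usage from apache.cnf, that it matches apache.key, and that it is not about to expire. The function names, the address 192.0.2.10 and the subject biobank.example are assumptions made for the demo.

```sh
#!/bin/sh
# Added example, not from the original page.
# check_cert CERT KEY IPV4 -> status 0 and "ok" only if every check passes.
check_cert() {
    cert=$1; key=$2; ip=$3
    text=$(openssl x509 -in "$cert" -noout -text) ||
        { echo "cannot read certificate"; return 1; }

    # The SAN only exists if step 5 passed -extensions and -extfile.
    # -w keeps 192.0.2.1 from matching 192.0.2.10.
    printf '%s\n' "$text" | grep -qwF "IP Address:$ip" ||
        { echo "SAN does not list IP $ip"; return 1; }

    # extendedKeyUsage = serverAuth is printed under this name.
    printf '%s\n' "$text" | grep -qF "TLS Web Server Authentication" ||
        { echo "serverAuth EKU missing"; return 1; }

    # SSLCertificateFile and SSLCertificateKeyFile must be a pair: compare
    # the public key in the certificate with the one derived from the key.
    [ "$(openssl x509 -in "$cert" -pubkey -noout)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "key does not match certificate"; return 1; }

    # Fail if the certificate expires within the next 30 days.
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days"; return 1; }
    echo "ok"
}

# Constructed demo: repeat steps 2-5 in a temp dir with the documentation
# address 192.0.2.10 and a made-up subject, then check the result.
selftest() (
    d=$(mktemp -d) && cd "$d" || exit 1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'req_extensions = v3_req' \
        '[dn]' 'commonName = Common Name' '[v3_req]' \
        'keyUsage = keyEncipherment, dataEncipherment' \
        'extendedKeyUsage = serverAuth' 'subjectAltName = @alt_names' \
        '[alt_names]' 'IP.1 = 192.0.2.10' > apache.cnf
    openssl genrsa -out apache.key 2048 2>/dev/null
    openssl req -new -key apache.key -out apache.csr -config apache.cnf \
        -subj '/C=CA/CN=biobank.example' 2>/dev/null
    openssl x509 -req -days 3650 -in apache.csr -signkey apache.key \
        -out apache.crt -extensions v3_req -extfile apache.cnf 2>/dev/null
    rc=0; check_cert apache.crt apache.key "${1:-192.0.2.10}" || rc=1
    cd / && rm -rf "$d"
    exit "$rc"
)
```

After sourcing the file, run `check_cert /etc/apache2/ssl/apache.crt /etc/apache2/ssl/apache.key` followed by the server's IP address against the real files, or `selftest` to see a passing run on a throwaway certificate.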