The post Creating an SSL Certificate for Apache first appeared on Complexity is the enemy of Security.
For certificate operations you can use openssl from the command line or, if you prefer a graphical interface, XCA.
Creating a certificate step by step and having it signed by our own CA
1. Creating the Certificate AUTHORITY
1.1 Generating the private key
# openssl genrsa -des3 -out ca.key 2048
1.2 Creating the certificate for the CA
# openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TR
State or Province Name (full name) [Some-State]:Istanbul
Locality Name (eg, city) []:Istanbul
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bilgi Guvenligi AKADEMISI
Organizational Unit Name (eg, section) []:Training
Common Name (eg, YOUR name) []:www.bga.com.tr
Email Address []:[email protected]
You have new mail in /var/mail/root
Generating the private key for the web server
# openssl genrsa -des3 -out sunucu.key 2048
Generating RSA private key, 2048 bit long modulus
………………………………………………………………+++
………..+++
e is 65537 (0x10001)
Enter pass phrase for sunucu.key:
Verifying - Enter pass phrase for sunucu.key:
2. Certificate signing request for the server
# openssl req -new -key sunucu.key -out sunucu.csr
Enter pass phrase for sunucu.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TR
State or Province Name (full name) [Some-State]:Istanbul
Locality Name (eg, city) []:Istanbul
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bilgi Guvenligi AKADEMISI
Organizational Unit Name (eg, section) []:Egitim
Common Name (eg, YOUR name) []:www.bga.com.tr
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
You have new mail in /var/mail/root
[root@labs ~/CA]# ls -ltr
total 8
-rw-r--r-- 1 root wheel 0 Jun 15 08:17 my-ca.key
-rw-r--r-- 1 root wheel 1751 Jun 15 08:17 ca.key
-rw-r--r-- 1 root wheel 1740 Jun 15 08:19 ca.crt
-rw-r--r-- 1 root wheel 1743 Jun 15 08:22 sunucu.key
-rw-r--r-- 1 root wheel 1082 Jun 15 08:25 sunucu.csr
3. Signing the CSR using the CA (Certificate Authority)
# openssl x509 -req -in sunucu.csr -out sunucu.crt -sha1 -CA ca.crt -CAkey ca.key -CAcreateserial -days 730
Signature ok
subject=/C=TR/ST=Istanbul/L=Istanbul/O=Bilgi Guvenligi AKADEMISI/OU=Egitim/CN=www.bga.com.tr/[email protected]
Getting CA Private Key
Enter pass phrase for ca.key:
You have new mail in /var/mail/root
# chmod 400 *.key
4. Starting Apache with SSL
# apachectl start
Apache/2.2.13 mod_ssl/2.2.13 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server www.bga.com.tr:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
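The script below is an added example, not part of the original post: it repeats steps 1-3 without prompts in a scratch directory, then checks that sunucu.crt chains to ca.crt, that it matches sunucu.key, which signature hash it carries, and the key file mode. Its assumptions are unencrypted throwaway keys, a constructed CA name (Example Lab CA), -sha256 in place of the post's -sha1 because current clients reject SHA-1 signatures, and a subjectAltName entry, which the post does not set.

```shell
#!/bin/sh
# Added example, not the author's script. Throwaway keys are left unencrypted
# (no -des3) so it runs unattended; keep the pass phrase on a real CA key.
set -eu

# Steps 1-3 without prompts. CA and server subjects must differ, otherwise
# the server certificate looks self-signed and chain verification fails.
build_pki() {
  (
    cd "$1"
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -new -x509 -sha256 -days 3650 -key ca.key -out ca.crt \
      -subj "/C=TR/O=Bilgi Guvenligi AKADEMISI/OU=Training/CN=Example Lab CA"
    openssl genrsa -out sunucu.key 2048 2>/dev/null
    openssl req -new -key sunucu.key -out sunucu.csr \
      -subj "/C=TR/O=Bilgi Guvenligi AKADEMISI/OU=Egitim/CN=www.bga.com.tr"
    # Current browsers match the host name against subjectAltName, not CN.
    printf 'subjectAltName=DNS:www.bga.com.tr\n' > san.ext
    openssl x509 -req -in sunucu.csr -out sunucu.crt -sha256 -CA ca.crt \
      -CAkey ca.key -CAcreateserial -days 730 -extfile san.ext
    chmod 400 ca.key sunucu.key
  )
}

# Prints OK when sunucu.crt chains to ca.crt, FAIL otherwise.
chain_status() {
  if openssl verify -CAfile "$1/ca.crt" "$1/sunucu.crt" >/dev/null 2>&1
  then echo OK; else echo FAIL; fi
}

# Prints MATCH when certificate and private key share one RSA modulus;
# Apache refuses to start with a mismatched pair.
key_status() {
  c=$(openssl x509 -noout -modulus -in "$1/sunucu.crt")
  k=$(openssl rsa -noout -modulus -in "$1/sunucu.key" 2>/dev/null)
  if [ -n "$c" ] && [ "$c" = "$k" ]; then echo MATCH; else echo MISMATCH; fi
}

# Prints the certificate's signature algorithm.
sig_alg() {
  openssl x509 -noout -text -in "$1/sunucu.crt" |
    awk '/Signature Algorithm/ {print $3; exit}'
}

# Prints the permission string of the server key after chmod 400.
key_mode() { ls -l "$1/sunucu.key" | cut -c1-10; }

DEMO=$(mktemp -d)   # constructed scratch directory
build_pki "$DEMO"
echo "chain=$(chain_status "$DEMO") key=$(key_status "$DEMO") sig=$(sig_alg "$DEMO")"
```

On the post's pass-phrase-protected keys, the openssl rsa -modulus check prompts for the pass phrase before printing the modulus.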