background preloader


Facebook Twitter

Generating an SSL Certificate with Apache+mod_ssl. Introduction This document is intended to be a quick guide to generating and installing an SSL certificate on an Apache web server with the mod_ssl module. While this is not an overly difficult process, it does involve running several long commands with numerous options. This document should be all that you need to walk you through the process of generating the certificate and installing it in your web server. This document does not attempt to discuss compiling or installing Apache and mod_ssl.

For detailed instructions on that topic, please see "Building Apache with mod_ssl and Other Modules". Brief SSL Primer This section will serve as a very brief introduction to SSL, the Secure Socket Layer. Normal web traffic is sent unencrypted over the Internet. SSL makes use of what is known as asymmetric cryptography, commonly referred to as public key cryptography (PKI). Generating a Private Key and CSR The first step is to create your RSA Private Key. Disabling Certificate Validation in an HTTPS Connection. By default, accessing an HTTPS URL using the URL class results in an exception if the server's certificate chain cannot be validated has not previously been installed in the truststore. If you want to disable the validation of certificates for testing purposes, you need to override the default trust manager with one that trusts all certificates. Apache2 SSL on Windows. Keytool-Key and Certificate Management Tool. - /SSL/ How do I create an SSL socket connection from a Java application? How do I... Request and install SSL certificates in IIS 7.0? Shining Light Productions - Win32 OpenSSL. Shining Light Productions' Technical Support is highly acclaimed by many as the best in the software industry.

Shining Light Productions - Win32 OpenSSL

The reason? You get to talk to the original/current developer of the product one-on-one...this means that there is no annoying third party using scripted responses. The downside is that, since you ARE e-mailing a real developer, you need to realize this and respect the developer, no matter what mood he/she is in. A developer's time is extremely valuable and a developer may not be in the most pleasant mood all the time. You can quickly get on any developer's nerves by e-mailing multiple times, mis-spelling, mis-communicating, need to be told where your "Start" button is, or you manage to catch the developer at the end of an eight hour debugging session (or worse, the frantic portion of a release cycle).

Feature Requests: To suggest a feature, send an e-mail to Shining Light Productions describing the feature in as much detail as possible. Knowledge Center - SSL Certificates Support. This document provides instructions for generating a Certificate Signing Request on Apache.

Knowledge Center - SSL Certificates Support

If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Apache-SSL. NOTE: To generate a CSR, a key pair must be created for the server. These two items are a digital certificate key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued.

The private key, CSR, and certificate must all match in order for the installation to be successful. Watch a video demo to easily generate a Certificate Signing Request (CSR) on an Apache server Note: If you are unable to view the video player, please click here to view from the video's web page. Step 1: Generate Private Key NOTE: All certificates that will expire after October 2013 must have a 2048 bit key size. Step 2: Generate the CSR. SSL/TLS Strong Encryption: FAQ. Available Languages: en | fr The wise man doesn't give the right answers, he poses the right questions.-- Claude Levi-Strauss Configuration Is it possible to provide HTTP and HTTPS from the same server?

SSL/TLS Strong Encryption: FAQ

Yes. HTTP and HTTPS use different server ports (HTTP binds to port 80, HTTPS to port 443), so there is no direct conflict between them. Which port does HTTPS use? You can run HTTPS on any port, but the standards specify port 443, which is where any HTTPS compliant browser will look by default. How do I speak HTTPS manually for testing purposes?

While you usually just use $ telnet localhost 80 GET / HTTP/1.0 for simple testing of Apache via HTTP, it's not so easy for HTTPS because of the SSL protocol between TCP and HTTP. . $ openssl s_client -connect localhost:443 -state -debug GET / HTTP/1.0 Before the actual HTTP response you will receive detailed information about the SSL handshake. Frequently used SSL commands. Using opensslusing keytool (included in recent Sun java reference implementations) openssl generate a new private key and matching Certificate Signing Request (eg to send to a commercial CA) openssl req -out MYCSR.csr -pubkey -new -keyout MYKEY.key add -nodes to create an unencrypted private key add -config <openssl.cnf> if your config file has not been set in the environment.

frequently used SSL commands