ERROR OCURRED

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, August 5, 2008

SSL Certificate » SSL on XAMPP

Posted on 3:08 AM by Unknown
Self Signed Certificate It is supposed you have already installed XAMPP wit apache and SSL support and you just wish to change certificate detailsIt means:-your server will display what you will write in your certificate-your certificate will be presented as been untrusted. It is not the case if your company is registered as being SSL provider. You need access as root on the server.Open ssh connection or open a console and login as root.
1) Create a temporary folder and go to that folder (it is not mandatory as long as you know where you are and what filw will be created)
# mkdir temp-ssl
#cd temp-ssl
2) create private key file (PK)Will be created server.key file
#openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus....++++++............++++++e is 65537 (0x10001)
Enter pass phrase for server.key: HERE YOU MUST ENTERE A PHARSE (keep in mind, you will need it lated !!!!)Verifying - Enter pass phrase for server.key:
3) create a certificate request file (CSR)Will be created server.csr
# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: ENTER THE SAME PHARSE as aboveYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:NSWLocality Name (eg, city) []:SydneyOrganization Name (eg, company) [Internet Widgits Pty Ltd]:OLALA.COM.AU(TM)Organizational Unit Name (eg, section) []:SSLCommon Name (eg, YOUR name) []:AdministratorEmail Address []:ssladmin@olala.com.auPlease enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:ENTERE A PASSWORDAn optional company name []:OLALA.COM.AU

You can see the details of this CSR by using following command
#openssl req -noout -text -in server.csr

4) Remove password protection from server.key You need it unless you wish to enter it any time apache start.
Do not do it so ... save secured key in a safe place, make a copy of it and unprotect itYou will have two files:server.key.secure (keep it in a safe place)server.key - you will need it
# cp server.key server.key.secure
# openssl rsa -in server.key.secure -out server.key

How do I verify that a private key matches its Certificate?

The `modulus' and the `public exponent' portions in the key and the Certificate must match

#openssl x509 -noout -modulus -in server.crt | openssl md5
#openssl rsa -noout -modulus -in server.key | openssl md5

(For wildcard commadn used ***
#openssl pkcs12 -in rkwild.pfx -out rkwild.pem
viriawild.pem
vi server.key
#openssl rsa -in server.key -out server.key ) wildcard ssl.



5) Generate the certificate file (CRT)you will have server.crt - you will need it
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature oksubject=/C=AU/ST=NSW/L=Sydney/O=OLALA.COM.AU(TM)/OU=SSL/CN=Administrator/emailAddress=ssladmin@olala.com.auGetting Private keyEnter pass phrase for server.key: ENTER PHARSE - the same like you entered at point 2) and 3
(6) Based on assumption you have /opt/lamppcopy as following (OVERWRITE)
#cp server.key in /opt/lampp/etc/ssl.key/server.key
#cp server.crt in /opt/lampp/etc/ssl.crt/server.crt
7) Restart apache
#/opt/lampp/lampp restart apache
Now all your websites hosted and accessed via https will show your self signed SSL certificate.

For test cert (30-09-08)
for certificate key generation from csr
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout server.key -out cert.crt
************************************************************************************

1) make sure use dedicated ip for ssl.

take the back up of original httpd-ssl.conf, & make ur httpd-ssl.conf

#vi httpd-ssl.conf

Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
# SSLLog /usr/local/apache/logs/ssl_engine_log
# SSLLogLevel info
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

NameVirtualHost 192.168.11.238

ServerAdmin webmaster@abc.com
DocumentRoot /path/of/site
ServerName abc.xyz.com
ServerAlias www.abc.xyz.com
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /path/of/abc.xyz.crt
SSLCertificateKeyFile /server/server.key
SSLCACertificateFile /path/of/CA_bundle.crt
SSLEngine on
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0



SSLOptions +StdEnvVars


SSLOptions +StdEnvVars


And in host file make sure entry like this,

NameVirtualHost 192.168.11.235:80

ServerAdmin webmaster@infoproworld.com
DocumentRoot /a/b/c/site.com
ServerName site.com
ErrorLog logs/www.site.com-error_log
CustomLog logs/www.site.com-access_log common




Save the file .... restart the services




#/opt/lampp/lampp restart
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • No package 'lua5.1' found
    hecking for LUA51... no checking for LUA51... configure: error: Package requirements (lua5.1 >= 5.1) were not met: No package 'lua5.1...
  • response to SOA query was unsuccessful: solved
    check your zone file [root@inf1sysadm1 data]# pwd /var/named/data # cat ind.raman.com.zone $ORIGIN . $TTL 3600 ; 1 hour ind.raman.com IN SO...
  • can't locate your x11 installation Fedora
    While install Conky, system through this error. Solution:- You need to install X11 Software Dev Package. Login on system with root user ...
  • Qmail Installation & Configuration step by step
    Tested under CentOS 5.8  64bit machine. 1)Packges which i installed for Qmail. httpd-2.2.3-76 php-5.1.6-39 perl-5.8.8 -38 gcc-4.1.2 mysql-5....
  • Dell MD3200 SAS Cabling With Diagram
    I have 2 MD3200 with SAS Ports + 2 Power Edge720. Task to connect Both DAS with Both server and make sure Both server showing  all DAS Parti...
  • It is safe to clean windows prefetch folder and registry folder ?
     It is safe to clean windows prefetch folder and registry folder ? Will this boost Windows operating system capabilities ? Many of you hav...
  • Windows 7 & Windows 8 fail to start
    Windows 7 fail to boot, what should I do? Is Windows 7 failing to boot after you installed the loader or after you just installed a fresh ne...
  • Steps how to change VolStatus in Bacula through bonsole.
    In my example MediaId=4 or Volumename=000018L4 shows volstatus is Purged. *list volumes Pool: Default +---------+------------+-----------+--...
  • Adobe Photoshop CS5 Error 16 , Adobe Photoshop CS5 Error 7
    When you install Adobe Photoshop CS5 you might get some errors. In case you get one you will see a code and a little description. Is very im...
  • X connection to localhost:10.0 broken (explicit kill or server shutdown).
    Solution:- With Xhost, you can solve this issue.

Categories

  • Adobe
  • Players
  • Reviews
  • Windows

Blog Archive

  • ►  2013 (27)
    • ►  October (3)
    • ►  August (1)
    • ►  June (1)
    • ►  April (3)
    • ►  February (10)
    • ►  January (9)
  • ►  2012 (29)
    • ►  December (2)
    • ►  November (7)
    • ►  October (10)
    • ►  September (4)
    • ►  August (1)
    • ►  June (2)
    • ►  April (1)
    • ►  March (1)
    • ►  January (1)
  • ►  2011 (36)
    • ►  December (3)
    • ►  November (3)
    • ►  October (1)
    • ►  September (5)
    • ►  August (4)
    • ►  May (2)
    • ►  April (4)
    • ►  March (5)
    • ►  February (2)
    • ►  January (7)
  • ►  2010 (24)
    • ►  December (1)
    • ►  November (1)
    • ►  October (4)
    • ►  August (1)
    • ►  May (1)
    • ►  April (1)
    • ►  March (2)
    • ►  February (5)
    • ►  January (8)
  • ►  2009 (18)
    • ►  December (6)
    • ►  November (3)
    • ►  August (1)
    • ►  July (2)
    • ►  June (1)
    • ►  May (1)
    • ►  April (1)
    • ►  March (1)
    • ►  February (1)
    • ►  January (1)
  • ▼  2008 (16)
    • ►  December (1)
    • ►  October (1)
    • ▼  August (1)
      • SSL Certificate » SSL on XAMPP
    • ►  July (5)
    • ►  April (2)
    • ►  February (1)
    • ►  January (5)
  • ►  2007 (4)
    • ►  July (3)
    • ►  June (1)
Powered by Blogger.

About Me

Unknown
View my complete profile