Today, toss a little, add summary method apache https certificate.
Certificate is divided into two types,
A) a self-signed certificate
.Csr and key files generated using the oepnssl command, no credit, no expiration date, but may be forced to use https protocol, and can be used for local testing phase.
Proceed as follows:
1. Install its dependencies.
yum install mod_ssl openssl
2. Generate a private key
openssl genrsa -out server.key 2048
3. Create a signature file
openssl req -new -key server.key -out server.csr
4. Generate self-signed certificate. Period to 10 years
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
5. Copy the files related to the appropriate location.
cp server.crt /etc/pki/tls/certs/ cp server.key /etc/pki/tls/private/ cp server.csr /etc/pki/tls/private/
6. Modify ssl.conf corresponding configuration. Find VirtualHost 443 associated with the segment, with a good following lines:
SSLCertificateFile /etc/pki/tls/certs/server.crt SSLCertificateKeyFile /etc/pki/tls/private/server.key
SSLEngine on
(ServerName, DocumentRoot remember also with a good)
7. restart apache service.
service httpd restart
B) Real ssl certificate
It can be used to generate the certificate cerbot or letsencrypt. Related command follows:
git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt ./letsencrypt-auto certonly --standalone --email [email protected] -d YOURDOMAIN.com -d www.YOURDOMAIN.com please use your own mailbox and domain name
Special Note: Let`s Encrypt certificate provided must re-apply once every 90 days