Create self signing SSL Certificate

July 10, 2009 · Posted in apache · Comment 
  1. Generate server key
    openssl genrsa -des3 -out server.key 4096
  2. Create certificate signing request
    openssl req -new -key server.key -out server.csr
  3. Sign the certificate signing request with the server key
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  4. Make the server key that does not need the password
    openssl rsa -in server.key -out server.key.insecure
  5. Do some house cleaning
    mv server.key server.key.secure
    mv server.key.insecure server.key
  6. Use the following files in apache configuration
    server.key
    server.crt

Tags: ,

Force SSL on apache

July 10, 2009 · Posted in apache, linux · Comment 

mod rewrite should be enabled on apache. Add the following to your apache config file.

#########################################
#### XXX: BEGIN EDIT FOR MOD_REWRITE ####
#### This is intended to force HTTPS ####
#### for all inbound HTTP requests ####

####
# This module (mod_rewrite) simply tells Apache2 that all connections to
# port 80 need to go to port 443 – SSL – No exceptions
####


LoadModule rewrite_module modules/mod_rewrite.so


RewriteEngine on

####
# The line below sets the rewrite condition for mod_rewrite.so.
# That is, if the server port does not equal 443, then this condition is true
####

ReWriteCond %{SERVER_PORT} !^443$

####
# The line below is the rule, it states that if above condition is true,
# and the request can be any url, then redirect everything to https:// plus
# the original url that was requested.
####

RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

#### XXX: END EDIT FOR MOD_REWRITE ####

Tags: ,