Apache2 - Secure Sockets Layer


Written by Mr. Sontaya Photibut Saturday, 02 May 2009 15:57

Creating a self-signed SSL certificate

Secure Sockets Layer (SSL) is a security protocol used as a standard for securing communication and data transfer over the Internet.

First, make sure that you have installed Apache2 and openssl.

1. Create a Certificate Authority (CA).

CA:

Common Name (CN) : Issued Name

Organization (O):  Organization Name

Organizational Unit (OU): Development Name

# openssl genrsa -des3 -out ca.key 4096

# openssl req -new -x509 -days 365 -key ca.key -out ca.crt

(-days 365 can be changed to any number of years; for example, for 10 years enter 3650.)

 
Server:

Common Name (CN) : Website Name

Organization (O): Organization Name

Organizational Unit (OU): Development Name

2. Create the server key and certificate signing request (CSR)

# openssl genrsa -des3 -out server.key 4096 

# openssl req -new -key server.key -out server.csr

 
3. Use the self-created certificate authority (CA) to sign the certificate signing request (CSR)

#  openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01001 -out server.crt

(-set_serial 01001: you can change the serial number.)

#  openssl rsa -noout -text -in server.key

# openssl req -noout -text -in server.csr

# openssl rsa -noout -text -in ca.key

# openssl x509 -noout -text -in ca.crt

 

4. Remove the passphrase from server.key for Apache

# openssl rsa -in server.key -out server.key.insecure

# mv server.key server.key.secure

# mv server.key.insecure server.key

 

5. Copy the files to /etc/apache2/

# cp server.key /etc/apache2/ssl.key

# cp server.crt /etc/apache2/ssl.crt

# cp server.csr /etc/apache2/ssl.csr

 

6. Create an SSL directory (if you want to set up SSL virtual hosting). If you do not need it, skip this step.

# cd /srv

# mkdir www-ssl

# cd www-ssl

# mkdir htdocs

# cd htdocs

# echo "ssl index page by susethailand.com" >index.html

 

7. Direct Apache2 to load SSL module

# vi /etc/sysconfig/apache2

APACHE_SERVER_FLAGS="SSL"

 

8. Set up the virtual host SSL port.

# cd /etc/apache2/vhost.d/

# cp vhost-ssl.template vhost-ssl.conf

# vi vhost-ssl.conf 

<VirtualHost _default_:443>

DocumentRoot "/srv/www/htdocs"

#DocumentRoot "/srv/www-ssl/htdocs" (for SSL virtual hosting: if you did step 6, uncomment this line)

ServerName www.yoursite.com:443

ServerAdmin admin@yoursite.com

At the very bottom, below </VirtualHost>, add:

<Directory "/srv/www/htdocs">

#<Directory "/srv/www-ssl/htdocs"> (for SSL virtual hosting: if you did step 6, use this line in place of the one above)

AllowOverride None

Order allow,deny

Allow from all

</Directory>

 

9. Firewall

YaST -> Security & Users -> Firewall -> Allowed Services

Add HTTP and HTTPS in the External Zone.

 

11. Restart apache2

# rcapache2 restart

 

*** If there are no errors, the setup is complete. If there are errors, post them in the Forum.

*** To test, type https://yoursite.com <Enter>

That's it.
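Steps 1 to 4 run non-interactively in a scratch directory, followed by three checks worth making before the files are copied and Apache is restarted: the certificate verifies against the CA, server.key belongs to server.crt, and the passphrase-free key is readable only by its owner. This is an added example, not part of the original article; the subject names, the passphrase, the 2048-bit key size and the function names build_chain and check_chain are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article). Subject names and the
# passphrase are constructed sample values; 2048-bit keys keep the run short
# (the article uses 4096).
PASS=pass:demo-passphrase

build_chain() (   # $1 = scratch directory; subshell keeps cd and umask local
    umask 077
    cd "$1" || exit 1
    # Step 1: CA key and self-signed CA certificate
    openssl genrsa -des3 -passout "$PASS" -out ca.key 2048 2>/dev/null || exit 1
    openssl req -new -x509 -days 365 -key ca.key -passin "$PASS" \
        -subj "/O=Example Org/OU=Development/CN=Example CA" -out ca.crt || exit 1
    # Step 2: server key and CSR (give it a subject different from the CA's)
    openssl genrsa -des3 -passout "$PASS" -out server.key 2048 2>/dev/null || exit 1
    openssl req -new -key server.key -passin "$PASS" \
        -subj "/O=Example Org/OU=Development/CN=www.yoursite.com" \
        -out server.csr || exit 1
    # Step 3: sign the CSR with the CA
    openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
        -passin "$PASS" -set_serial 01001 -out server.crt 2>/dev/null || exit 1
    # Step 4: passphrase-free copy for Apache, encrypted original kept aside
    openssl rsa -in server.key -passin "$PASS" \
        -out server.key.insecure 2>/dev/null || exit 1
    mv server.key server.key.secure && mv server.key.insecure server.key
)

check_chain() (   # $1 = directory holding ca.crt, server.crt and server.key
    cd "$1" || exit 1
    # server.crt must verify against ca.crt
    openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1 || exit 1
    # server.key must be the key the certificate was issued for
    [ "$(openssl x509 -noout -modulus -in server.crt)" = \
      "$(openssl rsa -noout -modulus -in server.key 2>/dev/null)" ] || exit 1
    # the key Apache loads is unencrypted, so only its owner may read it
    [ -n "$(find server.key -perm 600)" ] || exit 1
)

work=$(mktemp -d)
build_chain "$work" && check_chain "$work" && echo "chain and key OK in $work"
```

Running check_chain against the directory that holds the real ca.crt, server.crt and server.key performs the same checks on the files from the steps above.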

 

 

 

