...
- Run the openssl command from the directory where you want to save the certs. Default is /etc/ssl/certs
- openssl command should be updated to include an identifier for the certs
| Code Block |
|---|
openssl req -x509 -newkey rsa:4096 -keyout <identifier>.key.pem -out <identifier>.cert.pem -days 365 -nodes # for example, if the server is named "batman", run the following openssl req -x509 -newkey rsa:4096 -keyout batman.key.pem -out batman.cert.pem -days 365 -nodes |
- update ssl.conf to point to the new certs. ssl.conf can be found in these locations by default:
On debian|ubuntu:
/etc/apache2/conf-available/ssl.conf
...
Update these settings:
Code Block SSLCertificateFile /etc/ssl/certs/batman.cert.pem SSLCertificateKeyFile /etc/ssl/certs/batman.key.pem
SSLCertificateFile /etc/ssl/certs/batman.cert.pem
SSLCertificateKeyFile /etc/ssl/certs/batman.key.pem
- update virtual host configs as per
...
- wiki page
- Restart apache
systemctl restart apache2
or
...
| Code Block |
|---|
#depending on the linux flavour used, the apache restart command with be one of the following: systemctl restart apache2 service httpd restart |
1.2. Change default passwords
...