
Setting up SSL on Apache October 28, 2010

Posted by maxmil in: Apache, Java, Security

Just had to set up SSL on Apache, which uses mod_proxy to forward requests to Tomcat.

So that I don’t forget, here are the steps and commands that I had to execute.

Create self signed certificate

1) Create private key

openssl genrsa -des3 -out server.key 1024

2) Create csr

openssl req -new -key server.key -out server.csr

NOTE: CN should correspond to domain (may use *)

3) Remove passphrase from private key

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

4) Generate self signed certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5) Copy key and certificate

cp server.crt /etc/ssl/certs/
cp server.key /etc/ssl/private/
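
Because step 3 removes the passphrase, file permissions are the only protection the private key has once it is copied into place. The script below is an added example, not part of the original post: it checks that the key and certificate from steps 1-5 belong together, that the key is at least 2048 bits, and that only its owner can access it. The function names and the 2048-bit floor are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks for the key/certificate pair produced by steps 1-5.
# Function names and the 2048-bit floor are assumptions of this example.

# Size of an RSA private key in bits (empty if unreadable or still encrypted).
key_bits() {
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeeds when the certificate was issued for this private key (same modulus).
pair_matches() {
    k=$(openssl rsa -in "$1" -passin pass: -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when group and others have no access to the key file.
key_is_private() {
    [ "$(ls -lL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Run all checks; print one line per finding, return non-zero on any failure.
check_pair() {
    rc=0
    bits=$(key_bits "$1")
    [ -n "$bits" ] || { echo "FAIL: cannot read $1 (missing or passphrase-protected)"; return 1; }
    [ "$bits" -ge 2048 ] || { echo "FAIL: $bits-bit RSA key, below 2048"; rc=1; }
    pair_matches "$1" "$2" || { echo "FAIL: $2 does not belong to $1"; rc=1; }
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group/others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $bits-bit key, matches certificate, private"
    return "$rc"
}

# Usage with the paths from step 5 (run as root so the key is readable):
#   check_pair /etc/ssl/private/server.key /etc/ssl/certs/server.crt
```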

Configure Apache

1) Make sure mod_ssl is loaded

a2enmod ssl

2) Modify path to key in default virtual host /etc/apache2/sites-available/default-ssl

SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

Configure Java

1) Connect to Apache in a browser via HTTPS to get the certificate. Confirm the security exception.

Note that if you already have an exception confirmed, you can delete it (in Firefox: Edit > Preferences > Advanced > View Certificates > Servers).

2) Export the certificate (in Firefox: Edit > Preferences > Advanced > View Certificates > Authorities).

3) Navigate to the JVM: /usr/lib/jvm/java-sun-x/jre/lib/security

4) Import:

keytool -import -alias servername -keystore cacerts -file /exported/server.pem

NOTE: The default password for the JDK keystore is “changeit”

