how to create local certification

how to create local certification

hrk1l2x

2 minute read

how to create local certification

env

  • Homebrew 1.1.7
  • Server version: Apache/2. 4.25 (Unix)
  • OpenSSL 1.0.2j 26 Sep 2016

setting Openssl environment

$ openssl version
$ brew update
$ brew list | grep openssl
$ brew info openssl
$ brew upgrade openssl

create OpenSSL PATH

# OpenSSL
export PATH=/usr/local/Cellar/openssl/1.0.2j/bin:$PATH
$ source ~/.zshrc

create secret keys

$ openssl genrsa -aes128 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................................+++
...................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

create .csr

$ openssl req -new -key server.key -sha256 -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Saitama
Locality Name (eg, city) []:Tokorozawa-shi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Localhost Inc.
Organizational Unit Name (eg, section) []:Localhost Section
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

create public key

$ openssl x509 -in server.csr -days 365 -req -signkey server.key -sha256 -out server.crt Signature ok subject=/C=JP/ST=Saitama/L=Tokorozawa-shi/O=Localhost Inc./OU=Localhost Section/CN=localhost Getting Private key Enter pass phrase for server.key:


set keys

$ mv ./server.key /usr/local/etc/apache2/2.4/ $ mv ./server.crt /usr/local/etc/apache2/2.4/


## setting httpd.conf

make read httpd-ssl.conf.

Secure (SSL/TLS) connections

Include /usr/local/etc/apache2/2.4/extra/httpd-ssl.conf

comment out and activate mod_ssl.so, mod_socache_shmcb.so

LoadModule ssl_module libexec/mod_ssl.so LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so httpd-ssl.conf の設定 SSL Virtual Host の設定

General setup for the virtual host

DocumentRoot “/Users/{User}/Dropbox/Sites” ServerName example.local:8443 ServerAdmin example@gmail.com ErrorLog “/usr/local/var/log/apache2/error_log” TransferLog “/usr/local/var/log/apache2/access_log” // コメントアウト SSLCertificateFile “/usr/local/etc/apache2/2.4/server.crt” // コメントアウト SSLCertificateKeyFile “/usr/local/etc/apache2/2.4/server.key”


## confirm apply

$ sudo httpd -k restart httpd not running, trying to start Apache/2.4.25 mod_ssl (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Private key wi.local:8443:0 (/usr/local/etc/apache2/2.4/server.key) Enter pass phrase: OK: Pass Phrase Dialog successful. ```

you can use https://{domain}:8443

comments powered by Disqus