Sunday, 4 October 2020

How to setup SSL certificate for apache

 Step:1 Generate key for Apache in linux.

[root@hostname test]# openssl genrsa -out postrga.key 2048

Generating RSA private key, 2048 bit long modulus

.............................+++

..............................................................+++

e is 65537 (0x10001)

[root@hostname test]# ls

postrga.key

Step:2 Generate csr from postrga key.

[root@hostname test]# openssl req -new -key postrga.key -out postrga.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:QA

State or Province Name (full name) []:DOHA

Locality Name (eg, city) [Default City]:Doha

Organization Name (eg, company) [Default Company Ltd]:B bank

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:hostname

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:welcome123

An optional company name []:NA

[root@hostname test]# ls -lrt

total 8

-rw-r-----. 1 root root 1679 Oct  5 09:22 postrga.key

-rw-r-----. 1 root root 1058 Oct  5 09:25 postrga.csr

Step:3 Validate key.

[root@hostname test]# openssl rsa -in postrga.key -check

RSA key ok

writing RSA key

-----BEGIN RSA PRIVATE KEY-----

MIIEpAIBAAKCAQEAzIXG3I02jOPsGdlqMj1h2U3/vCZoXfEdPY/0uZpM5FHjuo38

0UggfO88ZtMECgsPwEy2mmJ9w55S+/aJoojwdDyZgT2VOPIwRsheTh0zD9s374Y8

ZSTbmCSVIPeunw6N5iUW7qYH99VgLPo87hwbJauetDRxDF9A1OT0lTCxI/dO3dHb

/mYGdc1tbmpifENrgYZJmHKRHiKWVNDrzI9FyyjIUF2ziCFXQf0c+ZaIT0zj7L5H

Uv0rvJkFKfc6QQdbfryOtqhTVIpE81TQ9ygw3M0pARReo4pj4VyYWvw5/orCpmQ0

kE5w2j2aAkLbieWpMut4MwtEo0MzaePiDsZ7qwIDAQABAoIBABdEoPs2lZ4x0Aqg

0ZQlp5wxY4bkV7tYUxtN5Wm4REc1idMPlFO7APc1wIlyOGNsHr6h+6RU0DoRKR/B

TKdRLQoMWup5NyDjbNqgsRnx+H01U4fMndJj/xewEcdOZm9yGHK2hYVhHkbz350+

WvA8Alqmy8d0r+fYbmfKJIlUoNKWfC7lVTndg6WWCVqhJ/Dtgd8zHf9c1eH2XcOM

NNTTlLhpOc/TKyCeQChpbUeqLm71eJuMOzKHo71ZhuSUBWmQvnTZ3XgvRpJ/2nt9

ut5TTzz0XBS/x/UMoTOVBeCuAp3IiXfTWHQZ2tEeKHVOb/HIGf5To7XHydyT++PI

kgoLmgECgYEA6a2yQErTjLn//jkXpilC0EuDJPp1o92fstLPDokRqJJKLrf06Q5A

Adp5oEImjfqIxu0JiB6q5duHL0NxYF5Zi0XCdjYL4+NZq2GQMwz02VX61A9jQ6dj

oe2Y/GQp6HNFPJRsEH7PHDrJ7r7pIiazS2yCYsDaNWY/d3KbdibvrfMCgYEA4A8c

K6kKUhLRUPiIe/pecziWd3wa9hU9reFAwKlh0YxxM6dYe8nDpEhrq1/VZj2PHYNi

qUXNqbDR9u1KLXhxG9d0hcD/XLP9nQZ/up3nEKaPjKpq5qFZohUPpRt+tAXxxch3

CFhI+0Aa5NOYK6VkgLaPeAG6aS7OJ+wkg3ApEWkCgYEAq/nRfc+T8bXR2N9bsEYd

jf6E/en2OisZJRpQmHn4LP+86LUp4XtDUBnh+Te1+DeyAfThVvR7Ab+WtgoEns/R

RtaIT0dnaMghbifXYDrg2DKW7wqEG35NrRaXyOhOj2yGQBdbkKhC9Juvka2fFis1

OQUa0GLuNO6TNu15zHLLYlECgYEA0/r3uAbyELxk9Kpu1n0FpxU+pkTwbSmjdULL

tHuMZGjvIOOOv28gfelWlIjSqSxMnquTSHsWHRmBTJErwOFWgfTR9UmnT9mqdEmV

xsVlu0caQQdqpFC7MLGkX50nvsJw/6Ktm2OLiMoZp6zZJ1IPSAdwrSVVa/YwbWzp

DsGq2SECgYA3Q6U0ZQAyUZyYUVXXr1a6O1rtdLcZFQ2GhHTOEMnS10LsHULH20Oz

6iUsqs7Pq/cp24QJPix/9TJUGILJUDRKF9MLIHEwa8QgI1nZPCHUGfbvd6GM3bPi

Ox1ESgJahisOE+6uE2Y6kHbr3C7X/UF8sSZ3SGYy/VRybDT5DiQjCw==

-----END RSA PRIVATE KEY-----

Step: 4 Validate generate CSR.

[root@hostname test]# openssl req -text -noout -verify -in postrga.csr

verify OK

Certificate Request:

    Data:

        Version: 0 (0x0)

        Subject: C=QA, ST=DOHA, L=Doha, O=B bank, OU=IT, CN=hostname

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

                    00:cc:85:c6:dc:8d:36:8c:e3:ec:19:d9:6a:32:3d:

                    61:d9:4d:ff:bc:26:68:5d:f1:1d:3d:8f:f4:b9:9a:

                    4c:e4:51:e3:ba:8d:fc:d1:48:20:7c:ef:3c:66:d3:

                    04:0a:0b:0f:c0:4c:b6:9a:62:7d:c3:9e:52:fb:f6:

                    89:a2:88:f0:74:3c:99:81:3d:95:38:f2:30:46:c8:

                    5e:4e:1d:33:0f:db:37:ef:86:3c:65:24:db:98:24:

                    95:20:f7:ae:9f:0e:8d:e6:25:16:ee:a6:07:f7:d5:

                    60:2c:fa:3c:ee:1c:1b:25:ab:9e:b4:34:71:0c:5f:

                    40:d4:e4:f4:95:30:b1:23:f7:4e:dd:d1:db:fe:66:

                    06:75:cd:6d:6e:6a:62:7c:43:6b:81:86:49:98:72:

                    91:1e:22:96:54:d0:eb:cc:8f:45:cb:28:c8:50:5d:

                    b3:88:21:57:41:fd:1c:f9:96:88:4f:4c:e3:ec:be:

                    47:52:fd:2b:bc:99:05:29:f7:3a:41:07:5b:7e:bc:

                    8e:b6:a8:53:54:8a:44:f3:54:d0:f7:28:30:dc:cd:

                    29:01:14:5e:a3:8a:63:e1:5c:98:5a:fc:39:fe:8a:

                    c2:a6:64:34:90:4e:70:da:3d:9a:02:42:db:89:e5:

                    a9:32:eb:78:33:0b:44:a3:43:33:69:e3:e2:0e:c6:

                    7b:ab

                Exponent: 65537 (0x10001)

        Attributes:

            unstructuredName         :NA

            challengePassword        :welcome123

    Signature Algorithm: sha256WithRSAEncryption

         0a:65:b6:45:ee:16:2d:f7:c4:8a:9c:22:56:a8:f9:dd:01:34:

         dc:dd:25:ba:91:7d:21:b1:d9:40:02:a7:9d:53:17:30:c6:06:

         36:0e:6f:ea:ab:04:47:69:ac:9e:a3:4f:0a:38:59:75:2f:95:

         62:a1:b2:eb:85:73:94:c2:55:c8:47:ea:c8:97:a7:a0:28:69:

         ff:e3:7e:e8:36:0b:01:f4:b7:46:97:76:b1:2a:14:8e:46:16:

         66:2b:f1:2e:53:a2:5a:11:c5:3c:25:03:dc:aa:fd:d3:a7:96:

         b8:97:b9:6d:36:ff:ef:72:83:58:24:e4:05:97:8c:fa:87:22:

         12:ca:e1:c6:f4:7d:40:dc:c3:1b:59:0e:60:7f:cd:87:af:4b:

         38:59:a6:50:5b:7d:bf:d6:65:97:d3:e2:30:6c:ab:d8:ee:cf:

         b8:c2:ca:9a:8d:2f:68:fa:05:92:17:6d:8e:67:7b:c3:d0:8b:

         57:f9:7f:c6:44:5d:12:4a:27:a2:c7:4f:b0:2e:43:df:f1:d4:

         c9:94:87:e9:5e:21:82:ed:d7:56:1d:5d:bb:70:81:72:f8:b6:

         f5:ad:8b:d1:2d:f5:38:68:33:b6:2e:0c:2c:33:f1:80:44:46:

         0c:8b:f0:5b:52:91:53:81:9d:74:f5:5c:7d:d6:14:af:3c:18:

         8d:55:18:a9

[root@hostname test]# ls

postrga.csr  postrga.key

Step: 5 Send csr file to Digicert authority to get the cert file.

Step: 6 Copy all the files in below path which is given by Digicert authority.

[root@hostname test]# ls /root/test/

postrga.csr  postrga.key

Step:6 Now you can configure this path /root/test/ in ssl.


1 comment:

  1. If you don't have an SSL certificate, your website may still function as always, but it will be vulnerable to hackers and Google will warn visitors that your website is not secure. Google also gives priority to websites that have an SSL certificate.
    HOW MUCH DOES AN SSL CERTIFICATE COST

    ReplyDelete

OS Watcher Installation in RAC

 Step:1 Download and untar the oswbb812.tar under the grid user in RAC on the both nodes. Follow the OS Watcher User's Guide (Doc ID 153...