Originally published on
LinuxTechLab.com
Securing websites, especially those that save users' information, is of utmost
importance. We use SSL certificates to secure communication between users &
websites. SSL certificates help in encrypting communication between user & website,
so even if a person could get hold of the communication, it will be almost impossible
for them to decrypt the data.
SSL certificates are signed using a hash algorithm from the family known as SHA
(Secure Hash Algorithm); it is used by certificate authorities to sign an SSL
certificate. The SHA algorithms currently available are SHA-1 (not being used now),
SHA-2 (most popular) & SHA-3 (not that popular), with SHA-2 further divided into
SHA-224, SHA-256, SHA-384 & SHA-512. SHA-256 is the most widely used among SHA-2,
but the others are used as well.
Though there is nothing wrong with using SHA-1 technically, most websites have now
moved on to using SHA2 certificates, as SHA-1 is quite old & some potential problems
have been discovered with it. In this tutorial, we are going to discuss how you can
create an SSL SHA2 certificate to secure your apache server.
Pre-requisites
We will need a webserver with a website hosted & openssl installed. To install httpd, run
For detailed apache installation, read our article STEP BY STEP GUIDE TO CONFIGURE
APACHE SERVER.
Firstly we need to create a private key, which will then be used to create a CSR file.
To create the private key, run the following command,
$ openssl genrsa -out test_domain.key 2048
where test_domain.key is the name of the private key. You can also replace 2048 with
the value 4096 for extra security. Now we will create a CSR file from the created key
file by executing,
This will create a CSR file with the SHA 2 algorithm. You can now send this CSR to a
certificate authority for creating the SHA2 certificate. Once the CSR has been signed &
the certificate provided by the CA, we only need to configure SSL in our apache server.
Remember that the CA also provides a CA chain certificate, which will also be configured
in the apache server along with the private key & website certificate.
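The key and CSR steps above as one script, with a check of the signature algorithm before the CSR goes to the CA and again on the certificate that comes back. This is an added example, not a command from the original article; the function names and the `/CN=test_domain.com` subject are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). test_domain.com is a placeholder.

# make_csr KEY CSR CN [BITS]: create an RSA private key readable only by its
# owner, then a CSR for CN whose signature explicitly uses SHA-256.
make_csr() {
    local key="$1" csr="$2" cn="$3" bits="${4:-2048}"
    ( umask 077; openssl genrsa -out "$key" "$bits" 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$key" -subj "/CN=$cn" -out "$csr"
}

# sig_alg FILE: print the signature algorithm of a PEM CSR or certificate.
sig_alg() {
    local file="$1" kind=req
    if grep -q 'BEGIN CERTIFICATE-----' "$file"; then kind=x509; fi
    openssl "$kind" -in "$file" -noout -text |
        awk -F': *' '!seen && /Signature Algorithm/ {
            sub(/[ \t\r]+$/, "", $2); print $2; seen = 1 }'
}

# is_sha2_name NAME: succeed only for RSA or ECDSA signatures over a SHA-2 hash.
# Any other name (SHA-1, MD5, unrecognised schemes) is reported as a failure.
is_sha2_name() {
    case "$1" in
        sha224With*|sha256With*|sha384With*|sha512With*) return 0 ;;
        ecdsa-with-SHA224|ecdsa-with-SHA256|ecdsa-with-SHA384|ecdsa-with-SHA512) return 0 ;;
        *) return 1 ;;
    esac
}

# is_sha2 FILE: check a CSR before sending it, or the certificate the CA returns.
is_sha2() {
    is_sha2_name "$(sig_alg "$1")"
}

# Usage:
#   make_csr test_domain.key test_domain.csr test_domain.com
#   is_sha2 test_domain.csr     && echo "CSR is signed with SHA-2"
#   is_sha2 test_domain.com.crt || echo "certificate is NOT SHA-2 signed"
```

Running `is_sha2` on `ca_chain.crt` only inspects the first certificate in the file, so split the chain if each intermediate needs checking.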
We now need to configure httpd.conf or ssl.conf (depending on the setup you are using).
I like to keep all my server settings in one place, so I will be using httpd.conf,
$ vi httpd.conf
& add the following lines to your virtual host definitions (or paste them at the end of
httpd.conf, if using a single web server)
SSLEngine on
SSLCertificateFile /data/webserver/apache2/ssl/TEST_DOMAIN/test_domain.com.crt
SSLCertificateKeyFile /data/webserver/apache2/ssl/TEST_DOMAIN/test_domain.key
SSLCertificateChainFile /data/webserver/apache2/ssl/TEST_DOMAIN/ca_chain.crt
where test_domain.com.crt is your main website certificate, test_domain.key is the
private key that we generated & lastly ca_chain.crt is the CA chain certificate provided
by the certificate authority.
Also make sure that you have mod_ssl.so module enabled in httpd.conf file,
After all the changes have been made to httpd.conf, save the file, exit & restart your
apache services.
You now have a website that has an SSL SHA2 certificate. You can also test your
website/certificate for any security flaws by visiting,
https://www.ssllabs.com