budiana

Server Log https Auto

Mar 6th, 2012
Server Log Https Auto

apt-get install apache2

Generate A certificate

mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
# openssl genrsa -des3 -out www.hade.war.net.key 2048
Generating RSA private key, 2048 bit long modulus
.......................................++++++
...................................................++++++
e is 65537 (0x10001)
Enter pass phrase for www.hade.war.net.key:
Verifying - Enter pass phrase for www.hade.war.net.key:

OpenSSL will request a pass phrase. Type in a sentence that is long and complex but that you can remember (you'll have to type it at least twice). Try to make it at least 40 characters long, with punctuation and capital and lowercase letters. The more different characters you use the better.

# openssl req -new -key www.hade.war.net.key -out www.hade.war.net.csr
Enter pass phrase for www.hade.war.net.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:West Java
Locality Name (eg, city) []:Bandung
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hade Network
Organizational Unit Name (eg, section) []:Hade Warnet
Common Name (eg, YOUR name) []:Wandi Budiana
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:

# openssl x509 -req -days 365 -in www.hade.war.net.csr -signkey www.hade.war.net.key -out www.hade.war.net.crt
Signature ok
subject=/C=ID/ST=West Java/L=Bandung/O=Hade Network/OU=Warnet/CN=Wandi Budiana/[email protected]
Getting Private key
Enter pass phrase for www.hade.war.net.key:

One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. Use the following commands to remove the pass-phrase from the key:

cp www.hade.war.net.key www.hade.war.net.key.old
openssl rsa -in www.hade.war.net.key.old -out www.hade.war.net.key

The newly created www.hade.war.net.key file no longer has a passphrase, so it is stored unencrypted; keep it readable by root only.

Creating your .pem file for testing purposes

cat www.hade.war.net.key www.hade.war.net.crt > www.hade.war.net.pem

nano /etc/apache2/sites-available/default-ssl
// update the following:

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

with:

SSLCertificateFile /etc/apache2/ssl/www.hade.war.net.pem
SSLCertificateKeyFile /etc/apache2/ssl/www.hade.war.net.key

ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
a2enmod ssl
/etc/init.d/apache2 force-reload
(or restart your Debian system)
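
Added example, not part of the original paste: the key and self-signed certificate steps above done non-interactively with a single openssl req -x509 call, plus two checks worth running before reloading Apache. The certificate is named after the server hostname, because clients compare the hostname with the certificate and a personal name in Common Name will not match. Assumes OpenSSL 1.1.1 or newer; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original paste). Function names are hypothetical.
# Assumes OpenSSL 1.1.1+ (needed for -addext).

# make_selfsigned HOST DIR
# One-step replacement for genrsa + req + x509 -signkey: writes DIR/HOST.key
# (no passphrase) and DIR/HOST.crt, valid 365 days, named after HOST.
make_selfsigned() (
    host=$1 dir=$2
    umask 077    # files are created mode 600, never world-readable
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" \
        -subj "/C=ID/ST=West Java/L=Bandung/O=Hade Network/CN=$host" \
        -addext "subjectAltName=DNS:$host" 2>/dev/null
)

# key_matches_cert KEY CRT
# True only if the public half of KEY is the public key inside CRT.
# Returns 2 if either file cannot be read (e.g. key still pass-phrased).
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# cert_covers_host CRT HOST
# True if HOST matches the certificate's subjectAltName / Common Name.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# Usage:
#   make_selfsigned www.hade.war.net /etc/apache2/ssl
#   key_matches_cert /etc/apache2/ssl/www.hade.war.net.key \
#                    /etc/apache2/ssl/www.hade.war.net.crt && echo "pair OK"
#   cert_covers_host /etc/apache2/ssl/www.hade.war.net.crt www.hade.war.net \
#       || echo "hostname not in certificate"
```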

OR
.PEM SSL Creation Instructions
from: http://www.digicert.com/ssl-support/pem-ssl-creation.htm

SSL .pem files (for our purposes, concatenated certificate files) are frequently required for certificate installations when multiple certificates are being imported as one file.

The following sets of instructions walk through creating some of the various files that could be called for if your server requires a .pem ssl certificate.

Creating a .pem with the Entire SSL Certificate Trust Chain

Log in to download your Intermediate (DigiCertCA.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt) from within your DigiCert Customer Account.

Open a text editor (such as WordPad) and paste the entire body of each certificate into one text file in the following order:
The Primary Certificate - your_domain_name.crt
The Intermediate Certificate - DigiCertCA.crt
The Root Certificate - TrustedRoot.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:

-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----

Save the combined file as your_domain_name.pem. Your .pem file is now ready for use.

Creating a .pem with the Server and Intermediate Certificates

Log in to download your Intermediate (DigiCertCA.crt) and Primary Certificates (your_domain_name.crt) from within your DigiCert Customer Account.

With a text editor (such as WordPad), copy and paste the entire body of each certificate into one text file in the following order:
The Primary Certificate - your_domain_name.crt
The Intermediate Certificate - DigiCertCA.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:

-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----

Save the combined file as your_domain_name.pem. Your .pem file should be ready for use.

Creating a .pem to include your private key and entire trust chain

Log in to download your Intermediate (DigiCertCA.crt) and Primary Certificates (your_domain_name.crt) from within your DigiCert Customer Account.

With a text editor (such as WordPad), copy and paste the entire body of each certificate into one text file in the following order:
The Private Key - your_domain_name.key
The Primary Certificate - your_domain_name.crt
The Intermediate Certificate - DigiCertCA.crt
The Root Certificate - TrustedRoot.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:

-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----

Save the combined file as your_domain_name.pem. Your .pem file should be ready for use.

chmod 600 *
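
Added example, not part of the original instructions: an sh/awk check for hand-assembled .pem bundles like the three layouts above. It lists the block types in file order, fails when a BEGIN/END tag is missing or mismatched, tolerates the CRLF line endings Windows editors write, and flags a bundle that holds a private key but is readable by group or others. It looks only at the tags, so it cannot tell a primary certificate from an intermediate one; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# pem_layout FILE
# Prints the PEM block types in order, comma-separated, for example
#   RSA PRIVATE KEY,CERTIFICATE,CERTIFICATE,CERTIFICATE
# Exit status 1 if any BEGIN has no matching END (or the reverse).
pem_layout() {
    awk '
        { sub(/\r$/, "") }                      # accept CRLF files
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (cur != "") bad = 1              # previous block never closed
            cur = substr($0, 12, length($0) - 16)
            next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            t = substr($0, 10, length($0) - 14)
            if (t != cur) bad = 1               # END without matching BEGIN
            else out = out (out == "" ? "" : ",") t
            cur = ""
            next
        }
        END {
            if (cur != "") bad = 1              # file ends inside a block
            print out
            exit bad + 0
        }' "$1"
}

# key_exposed FILE
# True if FILE contains a private key block and is readable by group or
# others, i.e. the "chmod 600" step above has not been applied to it.
key_exposed() {
    case $(pem_layout "$1") in
        *"PRIVATE KEY"*) ;;
        *) return 1 ;;
    esac
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \))" ]
}

# Usage:
#   pem_layout your_domain_name.pem || echo "broken BEGIN/END tags"
#   key_exposed your_domain_name.pem && echo "private key is readable by others"
```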

This step is optional and not really required. For testing purposes, you can always use the self-signed certificate that was generated in the step above.

4. Get a Valid SSL Certificate (if you will use this for an online service)

Instead of signing it yourself, you can also generate a valid SSL certificate from https://www.startssl.com