Create SSL Certificates In OpenSUSE 12.3

This article will help you to secure your Apache server by creating SSL certificates. Some people may need this to Secure their apache  server. Please follow the bellow steps.

Create a random data file

# cat /dev/random > randomfile

Create key pair

# openssl genrsa -des3 -out server.key -rand randomfile

Sign the created Public Key and create a digital certificate

# openssl req -new -x509 -key server.key -out server.crt

Answer the questions and then copy the Public Key and digital certificate to the bellow mentioned folders.

# cp server.key /etc/apache2/ssl.key/
# cp server.crt  /etc/apache2/ssl.crt/

Configure Apache to use OpenSSL (Optional)

Edit the /etc/sysconfig/apache2 file.

 APACHE_START_TIMEOUT="10" 
 APACHE_SERVER_FLAGS="SSL"

copy /etc/apache2/vhost.d/vhost-ssl.template to /etc/apache2/vhost.d/vhost-ssl.conf.

# cp /etc/apache2/vhost.d/vhost-ssl.template /etc/apache2/vhost.d/vhost-ssl.conf

Configure the main site to use HTTPS

Edit the /etc/apache2/default-server.conf file and add Include /etc/apache2/vhost.d/*.conf line in that file.

Include /etc/apache2/conf.d/*.conf
Include /etc/apache2/vhosts.d/*.conf

Edit /etc/apache2/vhost.d/vhost-ssl.conf file as shown below:

<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost *:443>
 DocumentRoot "/srv/www/htdocs"
 ServerName localhost:443
 ErrorLog /var/log/apache2/error_log
 TransferLog /var/log/apache2/access_log
 SSLEngine on
 SSLProtocol all -SSLv2
 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
 SSLCertificateFile /etc/apache2/ssl.crt/server.crt
 SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
 <FilesMatch "\.(cgi|shtml|phtml|php)$">
 SSLOptions +StdEnvVars
 </FilesMatch>
 <Directory "/srv/www/cgi-bin">
 SSLOptions +StdEnvVars
 </Directory>
 BrowserMatch "MSIE [2-5]" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
 CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost> 
</IfDefine>
</IfDefine>

Restart apache

# /etc/init.d/apache2 restart 
redirecting to systemctl restart apache2 
Enter SSL pass phrase for localhost:443 (RSA): ******

Check if the Port Listening

# netstat -an | grep 443
tcp 0 0 :::443 :::* LISTEN
linux-j9hf:/etc/apache2/vhosts.d #

Navigate to https://IP-Address/ from your browser.

ssl1Click on I understand the risks link. Now you will get the output as shown below.

ssl3That’s it.