January 2018

SSL auth with .p12 – Root CA and .p12

January 31st, 2018 | Linux, Ubuntu

PART ONE – set up SSL and the SSL certs.

1. enable ssl by running the command

a2enmod ssl

and then restart apache

service apache2 restart

go to /etc/apache2 and create the ssl folder

mkdir ssl

2. generate the key and crt file inside that folder – follow the instructions on the screen

openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout apache.key -out apache.crt

3. edit /etc/apache2/sites-available/default-ssl.conf and add path to generated certs (line 32/33).

SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

4. activate ssl virtual host

sudo a2ensite default-ssl.conf

5. and then restart apache

service apache2 restart

6. set up redirection from http to https: edit /etc/apache2/sites-available/000-default.conf (e.g. with vim) and add the code below:

RedirectPermanent / https://vault.bartron.uk/

and then restart apache

service apache2 restart

PART TWO – SSL should now work with your website; let's set up private key access.

7. go to cert directory: /etc/apache2/ssl

8. generate a new CA key (use the same file name that steps 9 and 10 refer to)

openssl genrsa -des3 -out vaultCA.key 2048

9. Generate root certificate

openssl req -x509 -new -nodes -key vaultCA.key -sha256 -days 1825 -out vaultCAroot.pem

10. export the CA key and root certificate to a .p12 (PKCS#12) file

openssl pkcs12 -export -out apache.bartron.uk.p12 -inkey vaultCA.key -in vaultCAroot.pem

11. enable CA root, edit default-ssl.conf and add/edit (line 51/52)

SSLCACertificatePath /etc/apache2/ssl
SSLCACertificateFile /etc/apache2/ssl/vaultCAroot.pem

12. set client auth to require (line 69/70)

SSLVerifyClient require
SSLVerifyDepth 10
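
Step 10 as written bundles the CA's own private key (vaultCA.key) into the .p12, so every holder of that file can sign further client certificates the server will accept. The sketch below is an added example, not part of the original post: it keeps the CA key on the signing host and issues each user a separate key and certificate signed by that CA. The client name "alice", the passphrases and the -aes256 key cipher are assumptions for the demo, and it builds a throwaway CA in a temp directory.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). The client name "alice", the
# passphrases and the -aes256 key cipher are assumptions for the demo.
export CA_PASS='demo-ca-passphrase'        # constructed demo value
export P12_PASS='demo-export-password'     # constructed demo value

# Throwaway CA using the same file names as steps 8-9.
make_demo_ca() {
    local dir=$1
    openssl genrsa -aes256 -passout env:CA_PASS -out "$dir/vaultCA.key" 2048 &&
    openssl req -x509 -new -key "$dir/vaultCA.key" -passin env:CA_PASS \
        -sha256 -days 1825 -subj "/CN=Demo Vault CA" -out "$dir/vaultCAroot.pem"
}

# The client gets its own key; the CA key is used only to sign the request.
issue_client_p12() {
    local dir=$1 name=$2
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" &&
    openssl x509 -req -in "$dir/$name.csr" -sha256 -days 365 \
        -CA "$dir/vaultCAroot.pem" -CAkey "$dir/vaultCA.key" -passin env:CA_PASS \
        -CAserial "$dir/vaultCA.srl" -CAcreateserial -out "$dir/$name.crt" &&
    openssl pkcs12 -export -inkey "$dir/$name.key" -in "$dir/$name.crt" \
        -name "$name" -passout env:P12_PASS -out "$dir/$name.p12"
}

# Succeeds only if the certificate chains to the root from step 11.
verify_client() {
    openssl verify -CAfile "$1/vaultCAroot.pem" "$1/$2.crt" >/dev/null
}

# Prints the subject of the certificate stored inside the bundle.
p12_subject() {
    openssl pkcs12 -in "$1/$2.p12" -passin env:P12_PASS -nokeys -clcerts |
        openssl x509 -noout -subject
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir" && issue_client_p12 "$demo_dir" alice &&
    verify_client "$demo_dir" alice && p12_subject "$demo_dir" alice
rm -rf "$demo_dir"
```

The SSLCACertificateFile line from step 11 stays the same; only the per-user .p12 is handed out and imported into the browser.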
