SSL auth with .p12 – Root CA and .p12
PART ONE – set up SSL and the SSL certs.
1. Enable the ssl module by running:
a2enmod ssl
and then restart apache
service apache2 restart
Go to /etc/apache2 and create an ssl folder:
mkdir ssl
2. Generate the key and crt file (run this inside the new ssl folder so the paths in step 3 match) and follow the instructions on the screen:
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout apache.key -out apache.crt
3. Edit /etc/apache2/sites-available/default-ssl.conf and add the paths to the generated certs (line 32/33):
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
4. activate ssl virtual host
sudo a2ensite default-ssl.conf
5. and then restart apache
service apache2 restart
6. Set up redirection from http to https: edit /etc/apache2/sites-available/000-default.conf and add the line below:
RedirectPermanent / https://vault.bartron.uk/
and then restart apache
service apache2 restart
PART TWO – SSL should now work with your website; let's set up private key access.
7. Go to the cert directory: /etc/apache2/ssl
8. Generate a new CA key (it must be named vaultCA.key, the name the following steps use)
openssl genrsa -des3 -out vaultCA.key 2048
9. Generate root certificate
openssl req -x509 -new -nodes -key vaultCA.key -sha256 -days 1825 -out vaultCAroot.pem
10. Export the certificate and key to a .p12 file
openssl pkcs12 -export -out apache.bartron.uk.p12 -inkey vaultCA.key -in vaultCAroot.pem
11. enable CA root, edit default-ssl.conf and add/edit (line 51/52)
SSLCACertificatePath /etc/apache2/ssl
SSLCACertificateFile /etc/apache2/ssl/vaultCAroot.pem
12. Set client auth to require (line 69/70)
SSLVerifyClient require
SSLVerifyDepth 10
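
The .p12 from step 10 contains vaultCA.key itself, so anyone who installs that file can sign further client certificates. The script below is an added example, not part of the original procedure: it issues a separate client certificate signed by the CA and exports only that to .p12. The client.* file names, the subject names and the CA_PASS / P12_PASS environment variables are assumptions.

```shell
#!/usr/bin/env bash
# Added example: per-client certificate signed by the CA from steps 8-9.
# Assumed names: client.key/.csr/.crt/.p12, the subjects, CA_PASS, P12_PASS.
# Usage: CA_PASS=... P12_PASS=... issue_client_p12 /etc/apache2/ssl alice

issue_client_p12() (
    dir="$1"; cn="$2"
    : "${CA_PASS:?export CA_PASS (CA key passphrase)}"
    : "${P12_PASS:?export P12_PASS (.p12 export password)}"
    cd "$dir" || exit 1
    umask 077   # key material readable by the owner only

    # Create the CA non-interactively if steps 8-9 have not been run yet.
    if [ ! -f vaultCA.key ]; then
        openssl genrsa -des3 -passout env:CA_PASS -out vaultCA.key 2048 || exit 1
        openssl req -x509 -new -key vaultCA.key -passin env:CA_PASS -sha256 \
            -days 1825 -subj "/CN=vault demo CA" -out vaultCAroot.pem || exit 1
    fi

    # Client key and signing request; the CA key is not involved here.
    openssl req -new -newkey rsa:2048 -nodes -keyout client.key \
        -subj "/CN=$cn" -out client.csr || exit 1

    # Sign the request with the CA; this is the only use of vaultCA.key.
    openssl x509 -req -in client.csr -CA vaultCAroot.pem -CAkey vaultCA.key \
        -passin env:CA_PASS -CAcreateserial -sha256 -days 365 \
        -out client.crt || exit 1

    # Bundle client key + client cert (+ CA cert for the chain) for import.
    openssl pkcs12 -export -out client.p12 -inkey client.key -in client.crt \
        -certfile vaultCAroot.pem -passout env:P12_PASS || exit 1

    # Confirm the client cert chains to the file named in SSLCACertificateFile.
    openssl verify -CAfile vaultCAroot.pem client.crt
)
```

Import client.p12 on the client; vaultCA.key stays on the host that signs. The Apache settings from steps 11 and 12 are unchanged.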