[{"data":1,"prerenderedAt":346},["ShallowReactive",2],{"Categories":3,"NavIndexCategoriesCountFooter":203,"content-\u002F2006\u002F01\u002F30\u002Fssl-certificates-apache2\u002F":204},[4,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,68,70,71,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202],{"category":5},"System Administration",{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},"Software Development",{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":27},{"category":27},{"category":67},"Drones & RC",{"category":69},"DIY Projects",{"category":67},{"category":72},"Photography",{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":67},{"category":67},{"category":72},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":5},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":67},{"category":67},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":72},{"category":67},{"category":138},"3D Printing - Laser Cutting - CNC",{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":5},{"category":138},{"category":27},{"category":27},{"category":138},{"category":138},{"category":72},{"category":158},"Photography,3D Printing - Laser Cutting - CNC",{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":67},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":181},"Home Assistant",{"category":181},{"category":72},{"category":27},{"category":27},{"category":72},{"category":138},{"category":5},{"category":72},{"category":72},{"category":138},{"category":27},{"category":181},{"category":181},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},191,{"id":205,"title":206,"body":207,"category":5,"date":332,"description":213,"embedImage":333,"extension":334,"image":333,"intro":333,"meta":335,"navigation":336,"path":337,"seo":338,"series":333,"sitemap":339,"stem":340,"tags":341,"__hash__":345},"content\u002F2006\u002F01\u002F30\u002Fssl-certificates-apache2-.md","SSL certificates (apache2)",{"type":208,"value":209,"toc":329},"minimark",[210,214,217,228,231,234,240,243,246,254,272,275,278,281,287,290,293,299,302,305,312,318],[211,212,213],"p",{},"There are two kinds of certificates available - self-certified (free - but people will have to either accept the certificate or manually install it) or paid for (you buy it from a Certificate Authority and as long as that CA is a common one then it will just work in most browsers).",[211,215,216],{},"First you will need a private key:",[218,219,224],"pre",{"className":220,"code":222,"language":223},[221],"language-text","cd \u002Fetc\u002Fssl\nopenssl genrsa -des3 -out private\u002Fyour.domain.tld.key 2048\n","text",[225,226,222],"code",{"__ignoreMap":227},"",[211,229,230],{},"Drop the -des3 if you don't want a password (this will allow auto-startup of apache - but is much much less secure). Note - if you are going to purchase a certificate - check how many bits the provider wants you to use.",[211,232,233],{},"Now - you will need  a certificate signing request (CSR)",[218,235,238],{"className":236,"code":237,"language":223},[221],"cd \u002Fetc\u002Fssl\nopenssl req -new -key private\u002Fyour.domain.tld.key -out certs\u002Fyour.domain.tld.csr\n",[225,239,237],{"__ignoreMap":227},[211,241,242],{},"This will prompt you for X.500 information.",[211,244,245],{},"Country, Company, Organizational Unit etc you can set as you need.",[211,247,248,249,253],{},"Common Name (CN) ",[250,251,252],"strong",{},"must"," be the domain you wish to protect. This is a very important point (especially with purchased certificates). It should be the fully qualified domain name. For self-cert you can specify *.domain.tld for a domain wide one (this may well work with purchased certificates but most CAs want to charge per site - rather than per domain).",[211,255,256,257,266,267,271],{},"Note - if you specify just domain.tld then ",[258,259,260],"a",{"href":260,"rel":261,"target":265},"https:\u002F\u002Fdomain.tld",[262,263,264],"nofollow","noopener","noreferer","_blank"," will work but ",[258,268,269],{"href":269,"rel":270,"target":265},"http:\u002F\u002Fwww.domain.tld",[262,263,264]," will not.",[211,273,274],{},"This CSR can now be sent to a CA for signing. Once signed - the certificate will be returned to you - stick it in \u002Fetc\u002Fssl\u002Fcerts\u002Fyour.domain.tld.crt.",[211,276,277],{},"You can of course sign your own certificate.  This has the benefit of being free - but the drawback that users will either have to install your certificate manually - or - every time they access the site they will have to approve the use of the certificate.",[211,279,280],{},"To sign your own certificate run the following:",[218,282,285],{"className":283,"code":284,"language":223},[221],"openssl req -new -x509 -key \u002Fetc\u002Fssl\u002Fprivate\u002Fyour.domain.tld.key -out \u002Fetc\u002Fssl\u002Fcerts\u002Fyour.domain.tld.crt -days <n>\n",[225,286,284],{"__ignoreMap":227},[211,288,289],{},"where \u003Cn> is the number of days the certificate should be valid for.",[211,291,292],{},"Now - we need to install it inside apache2.",[218,294,297],{"className":295,"code":296,"language":223},[221],"a2enmod ssl\n",[225,298,296],{"__ignoreMap":227},[211,300,301],{},"Will enable the module.",[211,303,304],{},"Make sure that \u002Fetc\u002Fapache2\u002Fports.conf includes Listen for port 443.",[211,306,307,308,311],{},"Now - either in apache2.conf - or in ",[250,309,310],{},"one"," of your virtual host files (make sure that the port in the virtual host file is also 443) add",[218,313,316],{"className":314,"code":315,"language":223},[221],"SSLEngine On\nSSLCertificateFile \u002Fetc\u002Fssl\u002Fcerts\u002Fyour.domain.tld.crt\nSSLCertificateKeyFile \u002Fetc\u002Fssl\u002Fprivate\u002Fyour.domain.tld.key\n",[225,317,315],{"__ignoreMap":227},[211,319,320,321,324,325],{},"For more info on why ",[250,322,323],{},"only one"," NameVirtualHost virtual host can have SSL on a server (and possible workarounds) - see ",[258,326,327],{"href":327,"rel":328,"target":265},"http:\u002F\u002Fhttpd.apache.org\u002Fdocs\u002F2.0\u002Fssl\u002Fssl_faq.html#vhosts",[262,263,264],{"title":227,"searchDepth":330,"depth":330,"links":331},2,[],"2006-01-30 21:34:50 +0100",null,"md",{},true,"\u002F2006\u002F01\u002F30\u002Fssl-certificates-apache2",{"title":206,"description":213},{"loc":337},"2006\u002F01\u002F30\u002Fssl-certificates-apache2-",[342,343,344],"debian","ssl","apache2","BoKrbYsNhoaJeNa1pHAT-VsDWaihVbNBhd-z-w2r-u0",1775293016688]