Coral: apache server cert self signed

From The Uniform Server Wiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Apache - Server Certificate Self-Signed

This covers how to enable SSL on The Uniform Server 8.0-Coral.

The Uniform Server does not include a test server certificate/key pair, so a default installation has SSL disabled. The reason is one of security. A certificate/key pair must be unique to each server. After creating a new server certificate/key pair, SSL is automatically enabled in Apache's configuration file.

UniServer 8-Coral
  Home
  Quick Start
  General
» Apache
  MySQL
  PHP
  MSMTP
  CRON
  DtDNS
  Db Backup
  Perl
  Main Index

Creating a self-signed certificate

Generating a self-signed certificate requires only a few mouse clicks. The “Server Certificate and Key generator” form has been pre-configured for a self-signed certificate there is no need to change these values just click “Run Generate” However if you wish you can change any of the defaults.

UniController: Server Configuration > Apache > Generate Certificate

  • This opens Server Certificate and Key generator menu shown on right
  • D) Click Run Generate After a short time a confirmation pop-up is displayed.
  • For the new configuration to become effective, restart Apache server.

Note 1: A) If you have changed the server name, that will be displayed instead of localhost.

Note 2: B) C) Are dropdown menus.

Note 3: C) 2048 Bits provide high-grade encryption. It's recommended not to change this.

Top

Alternative Scripts

The Uniform Server provides three scripts to generate a server certificate and key pair.

  1. UniServer\openssl\Generate_server_cert_and_key.bat
  2. UniServer\openssl\Generate_server_cert_and_key.vbs
  3. UniServer\coral_con\scripts\Key_cert_gen.hta

Generate_server_cert_and_key.bat

This script generates a self-signed server certificate and key pair. It assumes you have not changed the server name from its default of localhost. This allows the certificate and key to be automatically generated and installed without any user input.

Note: The certificate signing request is not required and is deleted.

Generate_server_cert_and_key.vbs

This script also generates a self-signed server certificate and key pair, but it assumes you have changed the server name from its default of localhost. A popup displays the current server name setting. You can either accept this displayed value or change it as required. Pressing OK in either case will generate and install the certificate and key.

Note: The certificate signing request is not required and is deleted.

Key_cert_gen.hta

Self-signed certificate:
This script is similar to the above in that it generates a self-signed server certificate and key pair. Several certificate defaults are displayed including server-name. For a self-signed certificate you need only change the server-name or accept its default. Pressing "Run Generate" generates and installs the certificate and key.

Signed certificate:
If you are intending to purchase a signed certificate, fill in all appropriate form fields. Pressing “Run Generate” generates and installs the (self-signed) certificate and key. Unlike the previous two key-cert generation scripts, this script does not delete the certificate-signing request (server.csr). It is located in folder UniServer\openssl. You will open this file and post the contents for signing by the certificate authority. When you receive the signed certificate, you will replace the self-signed certificate with it.


Note 1: Copy both the server key, UniServer\usr\local\apache2\server_certs\ssl.key\server.key, and the returned signed certificate to a writable CD or USB memory stick for safekeeping.


Note 2: For a free signed certificate check out the following page: Free server certificate

Top

Where to next

Apache SSL Introduction and overview.

Free server certificate How to obtain and install a free server certificate from StartCom

Top