![](/uploads/1/2/5/8/125837002/188183533.jpg)
I'd like to use my Mac OS X with https for local development tests. How can I easily make Apache2 respond to ssl, just for test proposes - I don't want a real certificate, just a fake to make local.
here is the contents of the makefile
.PHONY: usage
.SUFFIXES: .key .csr .crt .pem
.PRECIOUS: %.key %.csr %.crt %.pem
usage:
@echo 'This makefile allows you to create:'
@echo ' o public/private key pairs'
@echo ' o SSL certificate signing requests (CSRs)'
@echo ' o self-signed SSL test certificates'
@echo
@echo 'To create a key pair, run 'make SOMETHING.key'.'
@echo 'To create a CSR, run 'make SOMETHING.csr'.'
@echo 'To create a test certificate, run 'make SOMETHING.crt'.'
@echo 'To create a key and a test certificate in one file, run 'make SOMETHING.pem'.'
@echo
@echo 'To create a key for use with Apache, run 'make genkey'.'
@echo 'To create a CSR for use with Apache, run 'make certreq'.'
@echo 'To create a test certificate for use with Apache, run 'make testcert'.'
@echo
@echo Examples:
@echo ' make server.key'
@echo ' make server.csr'
@echo ' make server.crt'
@echo ' make stunnel.pem'
@echo ' make genkey'
@echo ' make certreq'
@echo ' make testcert'
%.pem:
umask 77 ;
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ;
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ;
/usr/bin/openssl req -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 ;
cat $$PEM1 > $@ ;
echo ' >> $@ ;
cat $$PEM2 >> $@ ;
$(RM) $$PEM1 $$PEM2
%.key:
umask 77 ;
/usr/bin/openssl genrsa -des3 1024 > $@
%.csr: %.key
umask 77 ;
/usr/bin/openssl req -new -key $^ -out $@
%.crt: %.key
umask 77 ;
/usr/bin/openssl req -new -key $^ -x509 -days 365 -out $@
KEY=/etc/httpd/conf/ssl.key/server.key
CSR=/etc/httpd/conf/ssl.csr/server.csr
CRT=/etc/httpd/conf/ssl.crt/server.crt
genkey: $(KEY)
certreq: $(CSR)
testcert: $(CRT)
$(CSR): $(KEY)
umask 77 ;
/usr/bin/openssl req -new -key $(KEY) -out $(CSR)
$(CRT): $(KEY)
umask 77 ;
/usr/bin/openssl req -new -key $(KEY) -x509 -days 365 -out $(CRT)
.PHONY: usage
.SUFFIXES: .key .csr .crt .pem
.PRECIOUS: %.key %.csr %.crt %.pem
usage:
@echo 'This makefile allows you to create:'
@echo ' o public/private key pairs'
@echo ' o SSL certificate signing requests (CSRs)'
@echo ' o self-signed SSL test certificates'
@echo
@echo 'To create a key pair, run 'make SOMETHING.key'.'
@echo 'To create a CSR, run 'make SOMETHING.csr'.'
@echo 'To create a test certificate, run 'make SOMETHING.crt'.'
@echo 'To create a key and a test certificate in one file, run 'make SOMETHING.pem'.'
@echo
@echo 'To create a key for use with Apache, run 'make genkey'.'
@echo 'To create a CSR for use with Apache, run 'make certreq'.'
@echo 'To create a test certificate for use with Apache, run 'make testcert'.'
@echo
@echo Examples:
@echo ' make server.key'
@echo ' make server.csr'
@echo ' make server.crt'
@echo ' make stunnel.pem'
@echo ' make genkey'
@echo ' make certreq'
@echo ' make testcert'
%.pem:
umask 77 ;
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ;
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ;
/usr/bin/openssl req -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 ;
cat $$PEM1 > $@ ;
echo ' >> $@ ;
cat $$PEM2 >> $@ ;
$(RM) $$PEM1 $$PEM2
%.key:
umask 77 ;
/usr/bin/openssl genrsa -des3 1024 > $@
%.csr: %.key
umask 77 ;
/usr/bin/openssl req -new -key $^ -out $@
%.crt: %.key
umask 77 ;
/usr/bin/openssl req -new -key $^ -x509 -days 365 -out $@
KEY=/etc/httpd/conf/ssl.key/server.key
CSR=/etc/httpd/conf/ssl.csr/server.csr
CRT=/etc/httpd/conf/ssl.crt/server.crt
genkey: $(KEY)
certreq: $(CSR)
testcert: $(CRT)
$(CSR): $(KEY)
umask 77 ;
/usr/bin/openssl req -new -key $(KEY) -out $(CSR)
$(CRT): $(KEY)
umask 77 ;
/usr/bin/openssl req -new -key $(KEY) -x509 -days 365 -out $(CRT)
Related
How To Set Up Password Authentication with Apache on Ubuntu 14.04 Tutorial
How to Protect Private Kubernetes Services Behind a GitHub Login with oauth2_proxy Tutorial
Introduction
TLS, or transport layer security, and its predecessor SSL, secure sockets layer, are secure protocols created in order to place normal traffic in a protected, encrypted wrapper.
These protocols allow traffic to be sent safely between remote parties without the possibility of the traffic being intercepted and read by someone in the middle. They are also instrumental in validating the identity of domains and servers throughout the internet by establishing a server as trusted and genuine by a certificate authority.
In this guide, we’ll cover how to create a self-signed SSL certificate for Apache on an Ubuntu 14.04 server, which will allow you to encrypt traffic to your server. While this does not provide the benefit of third party validation of your server’s identity, it fulfills the requirements of those simply wanting to transfer information securely.
Note: You may want to consider using Let’s Encrypt instead of a self-signed certificate. Let’s Encrypt is a new certificate authority that issues free SSL/TLS certificates that are trusted in most web browsers. Check out the tutorial to get started: How To Secure Apache with Let’s Encrypt on Ubuntu 14.04
Prerequisites
Before you begin, you should have some configuration already taken care of.
We will be operating as a non-root user with sudo privileges in this guide. You can set one up by following steps 1-4 in our Ubuntu 14.04 initial server setup guide.
![How to make ssl crt for apache on osx windows 10 How to make ssl crt for apache on osx windows 10](/uploads/1/2/5/8/125837002/547019931.png)
You are also going to need to have Apache installed. If you don’t already have that up and running, you can quickly fix that by typing:
Step One — Activate the SSL Module
SSL support actually comes standard in the Ubuntu 14.04 Apache package. We simply need to enable it to take advantage of SSL on our system.
Enable the module by typing:
After you have enabled SSL, you’ll have to restart the web server for the change to be recognized:
With that, our web server is now able to handle SSL if we configure it to do so.
Step Two — Create a Self-Signed SSL Certificate
Let’s start off by creating a subdirectory within Apache’s configuration hierarchy to place the certificate files that we will be making:
Now that we have a location to place our key and certificate, we can create them both in one step by typing:
Let’s go over exactly what this means.
- openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
- req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.
- -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
- -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
- -days 365: This specifies that the certificate we are creating will be valid for one year.
- -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn’t create a private key in advance. The
rsa:2048
tells OpenSSL to generate an RSA key that is 2048 bits long. - -keyout: This parameter names the output file for the private key file that is being created.
- -out: This option names the output file for the certificate that we are generating.
When you hit “ENTER”, you will be asked a number of questions.
The most important item that is requested is the line that reads “Common Name (e.g. server FQDN or YOUR name)”. You should enter the domain name you want to associate with the certificate, or the server’s public IP address if you do not have a domain name.
The questions portion looks something like this:
The key and certificate will be created and placed in your
/etc/apache2/ssl
directory.If it shows two screens side-by-side, only one will have a menu bar. Best monitor dock for mac os x sierra. Also, the Arrangement diagram should give you a clue.
Step Three — Configure Apache to Use SSL
Now that we have our certificate and key available, we can configure Apache to use these files in a virtual host file. You can learn more about how to set up Apache virtual hosts here.
Instead of basing our configuration file off of the
000-default.conf
file in the sites-available
subdirectory, we’re going to base this configuration on the default-ssl.conf
file that contains some default SSL configuration.Open the file with root privileges now:
With the comments removed, the file looks something like this:
This may look a bit complicated, but luckily, we don’t need to worry about most of the options here.
We want to set the normal things we’d configure for a virtual host (ServerAdmin, ServerName, ServerAlias, DocumentRoot, etc.) as well as change the location where Apache looks for the SSL certificate and key.
In the end, it will look something like this. The entries in red were modified from the original file:
Save and exit the file when you are finished.
Step Four — Activate the SSL Virtual Host
Now that we have configured our SSL-enabled virtual host, we need to enable it.
We can do this by typing:
We then need to restart Apache to load our new virtual host file:
This should enable your new virtual host, which will serve encrypted content using the SSL certificate you created.
Step Five — Test your Setup
Now that you have everything prepared, you can test your configuration by visiting your server’s domain name or public IP address after specifying the
https://
protocol, like this:You will get a warning that your browser cannot verify the identity of your server because it has not been signed by one of the certificate authorities that it trusts.
This is expected since we have self-signed our certificate. While our certificate will not validate our server for our users because it has had no interaction with a trusted certificate authority, it will still be able to encrypt communication.
Since this is expected, you can hit the “Proceed anyway” button or whatever similar option you have in your browser.
You will now be taken to content in the
DocumentRoot
that you configured for your SSL virtual host. This time your traffic is encrypted. You can check this by clicking on the lock icon in the menu bar:You can see in the middle green section that the connection is encrypted.
Conclusion
You should now have SSL enabled on your website. This will help to secure communication between visitors and your site, but it will warn each user that the browser cannot verify the validity of the certificate.
Download the Adobe Photoshop for mac free download full version. Photoshop for Mac Free Download Full Version CS6. After the release of Creative Suite 5, came the Creative Suite 6. It brought out a lot more features than before and made a complete revolution in Photoshop application. Today, I show how to download Photoshop CS6 free full verssion for Mac. Photoshop CS 6 Macbook full version Adobe Photoshop give you many language when you install Photoshop. How to download photoshop full version free for mac. How to get the Adobe Photoshop CS6 Full version for free. Adobe Photoshop CS6 is the stable version of the industry standard image editor with some great new features. When you first open Adobe Photoshop CS6, the most eye-catching thing is the revamped colorful user interface. To download Adobe Photoshop CC 2018 for Mac OS (1.7 GB) Download PART 1. Download PART 2. How to Install and Crake Adobe Photoshop CC 2018 Mac. After downloading Adobe Photoshop CC 2018 Mac OSx Full Version, extract it. Type “www.p30download.com” in the password box. Now, copy the files in Application. Disconnect your internet. Run Adobe Zii.
If you are planning on launching a public site and need SSL, you will be better off purchasing an SSL certificate from a trusted certificate authority.
If you want to learn more about how to configure Apache, click here. Check out this link for more ideas on how to secure your Linux server.
![](/uploads/1/2/5/8/125837002/188183533.jpg)