Creating a self signed SSL Certificate - A Brain Dead Script
I have an SSL instance running in the house so that I can access my home Subversion installation remotely. The certificate I generated for this site expired a few months ago and I have procrastinated regenerating it because I seemed to remember it was complicated and I didn’t want to spend the time.
Well, it winds up its not that bad. I found a great summary of the commands necessary in order to do it, and threw together a very quick script to string them all together in order to create SSL certificates for a general host name and figured I’d throw it up here.
I generalized it thinking that I could have two certificates for the virtual hosts I have running on my home server. Unless I’m looking at old information, however, it doesn’t seem that you can have different SSL certificates for virtual hosts running on the same IP address under Apache 2. If you can, and someone knows how to configure Apache to do so, please let me know.
Here’s the script I used to generate the self signed SSL certificates for the house. Super simple. Now I just have to remember to source the script ;).
#!/bin/bash
# Cert4Host.sh - Generate SSL Certificates for a host name.
HOSTNAME="$1";
if [ -z "${HOSTNAME}" ]; then
echo "Usage : Cert4Host.sh HOSTNAME";
exit;
fi
if [ ! -e pass.key ]; then
openssl genrsa -des3 -out pass.key 1024
else
echo "Key already exists ... skipping ..."
fi
openssl rsa -in pass.key -out $HOSTNAME.key
openssl req -new -key $HOSTNAME.key -x509 -out $HOSTNAME.crt -days 999
sudo cp $HOSTNAME.key /usr/local/apache2/conf/ssl.key
sudo cp $HOSTNAME.crt /usr/local/apache2/conf/ssl.crt
Don’t forget to change your Apache SSL configuration to point to the new certificate and key (<hostname>.crt and <hostname>.key, respectively) and restart Apache.
Related posts
Tagged with: apache, Linux, ssl
