Generate self signed SSL certificate for apache

certificate apache-2.2 ssl openssl

I want to create self signed certificate for the website. The old certificate expired few days ago. There are more than one NameVirtualHosts hosted on systems. The commands I am using to create certificate are taken from one tutorial website and are:

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr 
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

After this in ssl.conf file I have specified under VirtualHost section along with old settings done by other admin

SSLEngine on
SSLCertificateFile <full_path>/server.crt
SSLCertificateKeyFile <full_path>/server.key

On starting the server I am getting following messages in log file and server fails to start.

In error_log file messages are

 [Mon Jun 01 23:52:46 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

In ssl_error_log file messages are

 [Mon Jun 01 23:52:46 2009] [error] Init: Private key not found
 [Mon Jun 01 23:52:46 2009] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
 [Mon Jun 01 23:52:46 2009] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
 [Mon Jun 01 23:52:46 2009] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
 [Mon Jun 01 23:52:46 2009] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

I would really appreciate if some one can explain how to solve this. I have tried a few other tutorial website on self signed SSL certificates but none of the steps they mention are working.


Use this one liner to generate the certificate and key in one file

openssl req -new -x509 -days 999 -nodes -out apache.pem -keyout apache.pem

Then the only configuration you'll need is 

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

This may seem a bit trivial, but check the permission on your .key file

Related

Can't enter iLO3 at bootup (HP ProLiant DL360 G7)
How can I have a Linux machine join a Windows Domain?
Is there any DNS that supports Geo-location / Directional DNS?
Simple tool to graph memory usage?
how do i perform root actions from non-root account?
Nginx proxy to back-end with SSL client certificate authentication
Weird memory usage in Windows Server 2008 R2
How do I permanently delete e-mail messages in the sendmail queue and keep them from coming back?
Are there any good and lightweight LDAP querying tools? [closed]
Should I completely turn off swap for linux webserver?
What should I do about a "misbehaving" user?
Consumer (or prosumer) SSD's vs. fast HDD in a server environment