Wednesday, October 5, 2016

Apache SSL Signing Request with Active Directory Certificate Services

Set Up the DNS Address
Make sure that you have DNS configured with the correct FQDN before proceeding. 

Generate a Private Key 
openssl genrsa 2048 > wiki.key

Generate a Request
openssl req -new -key wiki.key -sha256 > wiki.csr
The important thing in the openssl req step is to get the common name right. If your server has multiple DNS names, you will need to look into specifying Subject Alternative Names, which are currently not covered in this howto.

Sign the Request on The CA
Copy the Request Over to the CA
certreq -submit -attrib "CertificateTemplate: WebServer" .\wiki.csr

Move the Generated .crt file back over to the server
Place the .key and the .crt files in the apache2 directory. I recommend creating the following directory for them:
/etc/apache2/ssl

sudo mkdir /etc/apache2/ssl && cd /etc/apache2/ssl
# copy wiki.key and wiki.crt into this directory, then lock down the key
sudo chmod 400 *.key
cd ../sites-available
sudo vi default-ssl.conf

Change the following lines:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

To:
SSLCertificateFile /etc/apache2/ssl/wiki.crt
SSLCertificateKeyFile /etc/apache2/ssl/wiki.key

Restart Apache 
This varies from distro to distro, but for me it's:
sudo service apache2 restart

Verify it works
Navigate to your web server via FQDN. Check your thumbprints against what you have installed on the server. 
To get the SHA-1 thumbprint of the .crt, you can use the following:
openssl x509 -noout -in /etc/apache2/ssl/wiki.crt -fingerprint -sha1

Compare the fingerprint here with the thumbprint listed when you inspect the certificate. 
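
As an added example (not part of the original post), the checks in this howto can be scripted and run before restarting Apache: the script confirms that the private key matches the certificate returned by the CA, that the key file grants nothing to group or other, and that the certificate covers the FQDN, then prints the SHA-1 thumbprint. The function names and the make_demo_pair helper are hypothetical, and the demo pair it creates is constructed sample input.

```shell
#!/bin/sh
# Added example: pre-restart checks for the files installed in this howto.
# Certificate path, key path and FQDN are arguments; nothing is hard-coded.

# Succeeds only if the certificate's public key equals the private key's.
key_matches_cert() {  # $1 = cert, $2 = key
    cert_pub=$(openssl x509 -noout -pubkey -in "$1") || return 2
    key_pub=$(openssl pkey -pubout -in "$2") || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the key file grants nothing to group or other (e.g. mode 400).
key_is_private() {  # $1 = key
    perms=$(ls -ld "$1" | cut -c5-10) || return 2
    [ "$perms" = "------" ]
}

# Succeeds only if the certificate is valid for the given DNS name.
# openssl x509 -checkhost reports its result as text, so match on the text.
cert_covers_host() {  # $1 = cert, $2 = FQDN
    openssl x509 -noout -checkhost "$2" -in "$1" | grep -q "does match certificate"
}

# SHA-1 thumbprint (same command as the post) to compare with the browser's view.
thumbprint() {  # $1 = cert
    openssl x509 -noout -fingerprint -sha1 -in "$1" | cut -d= -f2
}

preflight() {  # $1 = cert, $2 = key, $3 = FQDN
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; return 1; }
    key_is_private "$2" || { echo "FAIL: key is accessible to group/other"; return 1; }
    cert_covers_host "$1" "$3" || { echo "FAIL: certificate not valid for $3"; return 1; }
    echo "OK, SHA-1 thumbprint: $(thumbprint "$1")"
}

# Constructed sample input: a throwaway self-signed pair for trying the checks.
make_demo_pair() {  # $1 = directory, $2 = FQDN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null
}

# Run as: sh preflight.sh <cert> <key> <fqdn>
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Saved under a name of your choice and given /etc/apache2/ssl/wiki.crt, /etc/apache2/ssl/wiki.key and your server's FQDN as arguments (with sudo, since the key is mode 400), a failure points at the wrong key, loose permissions, or a common name that does not match DNS.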
