A little tutorial to show how we generate self-signed certificates. It's now even easier with the Makefile provided by Linux CentOS / RedHat. I briefly present here how to generate a self-signed certificate. But first, I will explain in practice how these certificates work.
How a certificate works
SSL and its successor TLS are protocols for securing internet exchanges. When you log on to your favorite site, for example, you can see that this protocol is enabled when there is a lock to the left of https://. Your browser sends a secure connection request to the website. The website responds by sending the browser a certificate. This certificate contains a public key, site information (name, country, mail, etc.) and a digital signature. The browser then tries to verify the digital signature of the site certificate by using the public keys contained in the certificates of the Certificate Authorities (CA) integrated by default in the browser.
- Case 1: one of them works. Your browser then finds the name of the CA that signed the certificate sent by the server. It checks that the certificate has not expired and sends a request to this authority to verify that the server certificate has not been revoked.
  - Sub-case 1: the certificate has expired. A warning message appears telling you that the server identity has not been verified by a CA and may therefore potentially be a fraudulent site. Success anyway!!!
  - Sub-case 2: the certificate is valid. Success!!!
- Case 2: none works. Your browser attempts to verify the digital signature of the server certificate using the public key contained in it.
  - Sub-case 1: failed. The certificate is invalid, no connection possible.
  - Sub-case 2: success!! The web server has itself signed its certificate. A warning message appears telling you that the server identity has not been verified by a CA and may potentially be a fraudulent site. This is the case that we will study in this article.
Then, your browser generates a session key for symmetric encryption and encrypts it using the public key contained in the certificate. It then passes this session key to the server. The server decrypts the session key sent by your browser with its private key. Hence the importance of protecting this private key! The exchanges are initiated and you can navigate.
Generating a private key
Generate a Certificate Signing Request (CSR)
Remove the passphrase
Generate a self-signed certificate
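The four steps above (private key, CSR, passphrase removal, self-signing) run as one non-interactive script. This is an added example, not the commands from the original tutorial; the file names, the `KEY_PASS` variable, the 2048-bit key, the 365-day validity and the host name `www.example.test` are assumptions. The helper functions check the result against "Case 2, Sub-case 2" described earlier: the certificate's signature verifies with its own public key.

```shell
#!/bin/sh
# Added example (not the tutorial's own commands). File names, KEY_PASS,
# key size, validity and the host name are assumptions for the demo.

make_self_signed() (   # usage: make_self_signed <dir> <common-name>
    dir=$1; cn=$2
    umask 077          # key files readable by the owner only
    # 1. Private key, stored encrypted under the passphrase in $KEY_PASS
    openssl genrsa -aes256 -passout env:KEY_PASS \
        -out "$dir/server.key.enc" 2048 2>/dev/null || exit 1
    # 2. CSR carrying the public key and the site name
    openssl req -new -key "$dir/server.key.enc" -passin env:KEY_PASS \
        -subj "/CN=$cn" -out "$dir/server.csr" || exit 1
    # 3. Remove the passphrase so httpd can start unattended
    openssl rsa -in "$dir/server.key.enc" -passin env:KEY_PASS \
        -out "$dir/server.key" 2>/dev/null || exit 1
    # 4. Sign the CSR with its own key: the result is self-signed
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
)

is_self_signed() {     # issuer == subject and signature verifies with own key
    subj=$(openssl x509 -in "$1" -noout -subject) || return 1
    iss=$(openssl x509 -in "$1" -noout -issuer) || return 1
    [ "${subj#*=}" = "${iss#*=}" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

key_matches_cert() {   # usage: key_matches_cert <key> <crt>
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

key_is_plaintext() {   # true once step 3 has stripped the passphrase
    [ -s "$1" ] && ! grep -q 'ENCRYPTED' "$1"
}

KEY_PASS='constructed-demo-passphrase'; export KEY_PASS   # constructed value
demo=$(mktemp -d)
make_self_signed "$demo" www.example.test &&
    is_self_signed "$demo/server.crt" &&
    key_matches_cert "$demo/server.key" "$demo/server.crt" &&
    key_is_plaintext "$demo/server.key" &&
    echo "self-signed certificate: $demo/server.crt"
```

Because step 3 leaves `server.key` unencrypted, its file permissions are the only protection left on the private key, which is why the script sets `umask 077` before writing it.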
Configure Apache server / httpd
In the directory /etc/httpd or /etc/apache2 there must be a configuration file *ssl.conf or an environment dedicated to the SSL configuration.
The following command
will then determine the file. You then need to configure the Apache server so that it uses the certificates which you have just generated: