Sunday, April 5, 2015

Configuring SSL in Apache Web server

 SSL certificates to enable HTTPS.

The following documents the steps required to generate the SSL certificate and install/configure it in Wildfly.

You can get some cheap SSL certificates here: https://www.ssls.com or godaddy.com

First you need to create a CSR (certificate signing request). It’s recommended to use at least a 2048-bit key; you can generate the key and the CSR together with the following command:


openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csr

The output will be similar to the following:

Generating a 2048 bit RSA private key
...............................................................................+++
...........+++
writing new private key to 'yourdomain.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Next, answer the questions you are prompted for:

Country Name (2 letter code) [AU]:NZ
State or Province Name (full name) [Some-State]:Canterbury
Locality Name (eg, city) []:Christchurch
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dark Horse Software
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:yourdomain.com
Email Address []:<a valid email address> (I use ssl@yourdomain.com)

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:<secret password>
An optional company name []:

Finally, you are ready to request your SSL certificate. Go and purchase a certificate from any trusted SSL certificate provider. A standard certificate is probably all you need for basic security. I get mine from: https://www.ssls.com.

After purchasing, you will need to activate your certificate. Your provider will ask you to copy and paste in the CSR you created above. Copy everything in that file, including the BEGIN and END lines.

~$ cat yourdomain.com.csr
-----BEGIN CERTIFICATE REQUEST-----
<Random characters in here>
-----END CERTIFICATE REQUEST-----

After your certificate is issued, download it (and unzip if needed). Then point the SSL virtual host in Apache at the certificate file and the private key file:

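<VirtualHost *:443>
    ServerName yourservername
    # Enable TLS for this virtual host
    SSLEngine on
    # Certificate issued by the provider
    SSLCertificateFile /etc/httpd/ssl/daebd1197e697cdd.crt
    # Private key generated together with the CSR
    SSLCertificateKeyFile /etc/httpd/ssl/opentap.in.key
    # mod_jk mount: forward all requests to the worker named node1
    <Location />
        JkMount node1
        # Apache 2.2 access syntax; Apache 2.4 uses "Require all granted"
        Order deny,allow
        Allow from all
    </Location>
</VirtualHost>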
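Before restarting Apache with the virtual host above, it is worth confirming that the issued certificate really belongs to the private key created in the CSR step, and that the key (written unencrypted because of -nodes) is readable only by its owner. The script below is an added example, not part of the original post; the function names are illustrative and it assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example: pre-install checks on the private key, CSR and issued certificate.
# Usage: ./check_tls_files.sh yourdomain.com.key yourdomain.com.csr issued.crt

# Print the SHA-256 of the public key held in a private key, CSR or certificate.
pubkey_fp() {
    local pem
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    # Never hash an empty result: two unreadable files must not "match".
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only when key, CSR and certificate all carry the same public key.
check_trio() {
    local k c x
    k=$(pubkey_fp key "$1") || { echo "unreadable private key: $1" >&2; return 1; }
    c=$(pubkey_fp csr "$2") || { echo "unreadable CSR: $2" >&2; return 1; }
    x=$(pubkey_fp crt "$3") || { echo "unreadable certificate: $3" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "CSR was not generated from this key" >&2; return 1; }
    [ "$k" = "$x" ] || { echo "certificate does not match this key" >&2; return 1; }
}

# Succeed only when the key file grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run the checks when called with the three file names.
if [ "$#" -eq 3 ]; then
    check_trio "$1" "$2" "$3" || exit 1
    echo "key, CSR and certificate match"
    key_is_private "$1" || echo "warning: run chmod 600 on $1" >&2
fi
```

A mismatch here usually means the wrong key file was paired with the certificate; Apache would refuse to start with such a pair.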
