I generated certs using the following command

openssl req -new -newkey rsa:2048 -nodes -keyout rrr.key -out rrr.csr

I then created the following file ssl-001.conf in the sites-available folder

<VirtualHost _default_:444>
       DocumentRoot /var/www/html/endpoint/
       ServerName safcom.co.ke

       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined

       SSLEngine on
       SSLCertificateFile    /home/xxxx/rrr.csr
       SSLCertificateKeyFile /home/xxxx/rrr.key
</VirtualHost>

Then changed ports.conf to this

<IfModule ssl_module>
    Listen 443
    Listen 444
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
    Listen 444
</IfModule>

Then restarted my server and it didn't work. What I am trying to achieve is to have my port 80 and 443 to run as normal but have an additional port 444 which has ssl. What am I doing wrong? My understanding is that you can have one certificate per ip or port!

sqwale

What does `didn't work` mean? What is the exact error message you are getting? And why do you want to run http on the https default port 443? You can use different certificates on different named vhosts. The ports or IPs are irrelevant (for apache). – Gerald Schneider Jul 28 '17 at 12:12

1 Answer

You created a Certificate Signing Request (CSR). What you need is either someone who signs this request (i.e. a Certificate Authority) or you can self-sign it (but it won't be trusted and you'll get a browser warning).

Self-signing is a rather simple process with openssl:

openssl x509 -in rrr.csr -out rrr.crt -req -signkey rrr.key -days 1001

After you did that, you'll have a file called rrr.crt. Just change rrr.csr in your config to rrr.crt and apache should start using your self-signed certificate.

See also this post: https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl

Andreas Rogge
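
A pre-flight check for the mix-up this answer describes, added here as an example and not part of the original answer: it asks openssl what each file really contains (CSR or certificate) and confirms the certificate's public key matches the private key before Apache is restarted. The function names and the `example.test` subject are assumptions; the demo's `rrr.*` files are generated in a temporary directory.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer). Function names are hypothetical;
# the demo files and the CN example.test are constructed.

# Print what a PEM file really contains by asking openssl to parse it.
pem_kind() {
    if   openssl x509 -in "$1" -noout 2>/dev/null; then echo certificate
    elif openssl req  -in "$1" -noout 2>/dev/null; then echo csr
    elif openssl pkey -in "$1" -noout -passin pass: 2>/dev/null; then echo private-key
    else echo unknown
    fi
}

# Succeed only if the certificate's public key equals the key's public half.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_vhost_pair CERT KEY: 0 = usable, 1 = wrong file type, 2 = key mismatch.
check_vhost_pair() {
    local kind
    kind=$(pem_kind "$1")
    if [ "$kind" != certificate ]; then
        echo "SSLCertificateFile $1 is of type '$kind', not a certificate" >&2
        return 1
    fi
    if ! cert_matches_key "$1" "$2"; then
        echo "$1 does not belong to private key $2" >&2
        return 2
    fi
    echo "ok: $1 is a certificate and matches $2"
}

# Demo: repeat the question's CSR step and the answer's self-signing step.
demo() {
    local d; d=$(mktemp -d) || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$d/rrr.key" -out "$d/rrr.csr" 2>/dev/null
    openssl x509 -in "$d/rrr.csr" -out "$d/rrr.crt" -req -signkey "$d/rrr.key" \
        -days 1001 2>/dev/null
    check_vhost_pair "$d/rrr.csr" "$d/rrr.key"   # rejected: this is the CSR
    check_vhost_pair "$d/rrr.crt" "$d/rrr.key"   # accepted: self-signed cert
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with `--demo` to see both outcomes, or source it and call `check_vhost_pair` on the two paths from the vhost file.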