pp108 : Creating a Certificate in Apache

This topic describes the procedure for creating a certificate in Linux.

A certificate can be created locally, but the server must trust it before it can be used for authentication. This topic describes how to create a sample certificate that carries the IP address as a Subject Alternative Name so that it works with Event handling.

  1. Copy the openssl.cnf file from <Apache Installation Directory>\Apache Software Foundation\Apache2.2\conf to a temporary folder.
  2. The Event service uses the IP address as an alternate domain to receive events from the server. Therefore, if the application you are developing uses the Event service, you must specify both the machine name and the IP address as subject alternative names. To do this, open the openssl.cnf file in the temporary folder and add the following line below [ v3_req ]:
    subjectAltName=DNS: machineName,DNS: ipAddressOfMachine
    For example:
    subjectAltName=DNS: computer1 , DNS: 10.192.178.32
    The certificate request generated will now have the extra attribute subjectAltName with the given values.
  3. To request a server certificate, navigate to the temporary folder in the command prompt and type the following:
    openssl req -config openssl.cnf -new -out <server certificate name>.csr -reqexts v3_req

    This step generates the certificate request file. Send this .csr file to a Certificate Authority to get the certificate. After the certificate is issued, open it, go to the Details tab, and ensure that the Subject Alternative Name attribute contains the values that you specified in the openssl.cnf file.
  4. To create a private key for the certificate, type the following in the command prompt:
    openssl rsa -in privkey.pem -out <server certificate name>.key
    Note: This private key can be read by Apache server and the Administrator alone.
    The certificate is generated.
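
The comparison described in step 3 (Subject Alternative Name against the values in openssl.cnf) can also be made on the .csr itself before it is sent to the Certificate Authority. The shell functions below are an added example, not part of the original procedure: the function names and the sample config and CSR text are constructed for illustration, and the CSR text is assumed to be in the form printed by `openssl req -in <file>.csr -noout -text`.

```shell
#!/bin/sh
# Added example: compare the subjectAltName configured under [ v3_req ]
# with the one actually present in the generated CSR.

# stdin: openssl.cnf text. stdout: configured entries, one "TYPE:value" per line.
cnf_san_entries() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[[ \t]*v3_req[ \t]*\]/); next }
        in_sec && /^[ \t]*subjectAltName[ \t]*=/ {
            sub(/^[^=]*=/, ""); gsub(/[ \t\r]/, "")   # drop key and all blanks
            n = split($0, a, ","); for (i = 1; i <= n; i++) print a[i]
        }'
}

# stdin: output of "openssl req -in <file>.csr -noout -text".
# stdout: entries of the requested SAN extension, one per line.
csr_san_entries() {
    awk '
        found { gsub(/^[ \t]+|[ \t\r]+$/, ""); n = split($0, a, /,[ \t]*/)
                for (i = 1; i <= n; i++) print a[i]; exit }
        /X509v3 Subject Alternative Name/ { found = 1 }'
}

# $1: openssl.cnf text, $2: CSR text dump. Returns 0 only if every configured
# entry is present in the CSR; each missing entry is reported on stderr.
csr_matches_cnf() {
    want=$(printf '%s\n' "$1" | cnf_san_entries)
    have=$(printf '%s\n' "$2" | csr_san_entries)
    [ -n "$want" ] || { echo "no subjectAltName under [ v3_req ]" >&2; return 1; }
    rc=0
    for e in $want; do
        printf '%s\n' "$have" | grep -Fxq -- "$e" ||
            { echo "missing in CSR: $e" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample inputs (values taken from the example in step 2).
SAMPLE_CNF='[ v3_req ]
subjectAltName=DNS: computer1 , DNS: 10.192.178.32
[ v3_ca ]
subjectAltName=DNS: unrelated'
SAMPLE_CSR_TEXT='        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:computer1, DNS:10.192.178.32'

csr_matches_cnf "$SAMPLE_CNF" "$SAMPLE_CSR_TEXT" && echo "CSR carries the configured SAN"
# Real files: csr_matches_cnf "$(cat openssl.cnf)" "$(openssl req -in server.csr -noout -text)"
```

A non-zero return means the request was generated without the v3_req extensions (for example, -reqexts was omitted) or from a different openssl.cnf than the one that was edited.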