Apache

How to create a CSR (Certificate Signing Request) in Linux using OpenSSL

Before you can purchase or create your own self-signed SSL certificate, you must first create a CSR (Certificate Signing Request) and a Private Key. These two files must be created simultaneously or the resulting SSL certificate will not work.

As root, run the following command:

openssl req -nodes -newkey rsa:2048 -keyout sub.domain.com.key -out sub.domain.com.csr
Generating a 2048 bit RSA private key
............+++
.......................+++
writing new private key to 'sub.domain.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:State
Locality Name (eg, city) [Default City]:City
Organization Name (eg, company) [Default Company Ltd]:Business Name or Domain.com
Organizational Unit Name (eg, section) []:optional
Common Name (eg, your name or your server's hostname) []:sub.domain.com
Email Address []:optional

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Enter
An optional company name []:Enter

With the above command, both the CSR (sub.domain.com.csr) and Private Key (sub.domain.com.key) files are created.

In the above example, it is important to use the fully qualified domain name (FQDN) for the “Common Name”. If you are going to use the certificate with www.domain.com, enter “www.domain.com”. If you are using an alternate subdomain, such as orders, type “orders.domain.com”.

Some SSL providers may create certificates that work for both domain.com and www.domain.com, but there is no guarantee this will work for you.
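
As an added example (not part of the original post), here is a non-interactive variant of the command above that requests both domain.com and www.domain.com as subject alternative names and checks that the CSR matches its key. It assumes OpenSSL 1.1.1 or later for -addext; the function names and subject values are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Host names and the subject
# fields are placeholders. Usage:
#   make_csr domain.com www.domain.com && csr_matches_key domain.com

# make_csr NAME [ALT...]: write NAME.key and NAME.csr in the current
# directory. NAME becomes the Common Name; every name is listed as a SAN.
make_csr() {
    cn="$1"; shift
    san="DNS:$cn"
    for alt in "$@"; do san="$san,DNS:$alt"; done
    # -nodes leaves the private key unencrypted on disk, so create it
    # owner-only. The subshell keeps the umask change local.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$cn.key" -out "$cn.csr" \
          -subj "/C=US/ST=State/L=City/O=Business Name/CN=$cn" \
          -addext "subjectAltName=$san" 2>/dev/null )
}

# csr_matches_key NAME: succeed only if NAME.csr carries the public key
# that belongs to NAME.key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1.csr" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1.key" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_sans NAME: print the subject alternative names requested in NAME.csr.
csr_sans() {
    openssl req -in "$1.csr" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}
```

Run csr_matches_key again before installing the issued certificate if the key file has been moved or regenerated in the meantime.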

By admin on September 16, 2014 | Apache

How to use a2ensite and a2dissite with rpm based apache systems

One thing this author prefers is the Debian (apt-get) style use of a2ensite and a2dissite to enable and disable hosted domains. This guide will show you how to set up a similar system on rpm based (Redhat, Fedora, CentOS, etc) systems.

Set up instructions

To set up a similar system on your rpm based server, simply follow the steps outlined below.

Create the folder structure

As root, run the following commands:

mkdir /etc/httpd/sites-available
mkdir /etc/httpd/sites-enabled

Edit httpd.conf

The first step is to include the sites-enabled folder in your httpd.conf file.

nano /etc/httpd/conf/httpd.conf

Now add the following line at the bottom of the file and save the file.

Include sites-enabled/*.*

Restart apache to use the new setting

service httpd restart

Create the a2ensite and a2dissite commands

Create the following files and add the content displayed.

a2ensite

nano /usr/local/bin/a2ensite

#!/bin/bash

# bash script to use debian style vhosts
# vhost file must be in /etc/httpd/sites-available
# script will make a softlink to /etc/httpd/sites-enabled
# and restart httpd
# use a2dissite to remove the link

AVAILABLE="/etc/httpd/sites-available"
ENABLED="/etc/httpd/sites-enabled"
FILE="$1"

# Variables are quoted so that names containing spaces or glob
# characters are treated as a single file name.
if [ -f "$AVAILABLE/$FILE" ]
then
        # Only link vhost files that are not empty
        if [ -s "$AVAILABLE/$FILE" ]
        then
                ln -s "$AVAILABLE/$FILE" "$ENABLED/$FILE"
                service httpd restart
        else
                echo "File $FILE is empty. No action taken"
        fi
else
        echo "File $FILE does not exist. No action taken"
fi

a2dissite

nano /usr/local/bin/a2dissite

#!/bin/bash

# bash script to use debian style vhosts
# vhost file must be in /etc/httpd/sites-available
# script will delete a softlink from /etc/httpd/sites-enabled
# and restart httpd
# use a2ensite to restore the link

AVAILABLE="/etc/httpd/sites-available"
ENABLED="/etc/httpd/sites-enabled"
FILE="$1"

# Variables are quoted so that names containing spaces or glob
# characters are treated as a single file name.
if [ -f "$ENABLED/$FILE" ]
then
        rm -f "$ENABLED/$FILE"
        service httpd restart
else
        echo "File $FILE does not exist. No action taken"
fi

Set the files as executable

chmod 744 /usr/local/bin/a2ensite
chmod 744 /usr/local/bin/a2dissite

How to use

The examples below assume you named the domain virtual configuration files after the domain name.

These versions of a2ensite and a2dissite differ from the Debian (apt-get) system by automatically restarting apache upon success. With apt-get based systems, you need to manually restart apache.
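
Because the restart is automatic, a vhost file with a syntax error would stop Apache for every hosted domain. The variant below is an added example, not the original post's script: it accepts only a plain file name, tests the configuration with the new link in place, and removes the link again if the test fails. The A2_* override variables are hypothetical and exist only so the script can be tried against a scratch directory.

```shell
#!/bin/bash
# Added example, not the original post's script. A2_AVAILABLE, A2_ENABLED,
# A2_CHECK and A2_RESTART are hypothetical overrides used for dry runs.
AVAILABLE="${A2_AVAILABLE:-/etc/httpd/sites-available}"
ENABLED="${A2_ENABLED:-/etc/httpd/sites-enabled}"
CHECK="${A2_CHECK:-apachectl configtest}"
RESTART="${A2_RESTART:-service httpd restart}"

enable_site() {
    local file="$1"
    # Accept a plain file name only: no slashes, no leading dot or dash,
    # so the argument cannot point outside sites-available.
    case "$file" in
        ""|.*|-*|*/*) echo "Invalid site name. No action taken" >&2; return 2 ;;
    esac
    if [ ! -f "$AVAILABLE/$file" ] || [ ! -s "$AVAILABLE/$file" ]; then
        echo "File $file is missing or empty. No action taken" >&2
        return 1
    fi
    if [ -L "$ENABLED/$file" ]; then
        return 0                      # already enabled, nothing to do
    fi
    ln -s "$AVAILABLE/$file" "$ENABLED/$file" || return 1
    # Test the configuration with the new link in place. If it fails,
    # remove the link so the running server keeps its working config.
    if ! $CHECK >/dev/null 2>&1; then
        rm -f "$ENABLED/$file"
        echo "Config test failed. $file not enabled" >&2
        return 3
    fi
    $RESTART
}

# Run only when installed under the name a2ensite.
if [ "${0##*/}" = "a2ensite" ]; then
    enable_site "$1"
fi
```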

Create the virtual host configuration file

This can be used as a very basic, yet functioning virtual host configuration file:

nano /etc/httpd/sites-available/domain.com

<VirtualHost *:80>
        ServerAdmin     admin@domain.com
        ServerName      domain.com
        ServerAlias     www.domain.com
        DocumentRoot    /var/www/vhosts/domain.com/httpdocs/
        ErrorLog        /var/www/vhosts/log/error_log
        TransferLog     /var/www/vhosts/log/access_log
        LogLevel        warn
</VirtualHost>

Enable a site

a2ensite domain.com

Disable a site

a2dissite domain.com

By admin on April 28, 2014 | Apache