Monday, September 4, 2023

How to Create an OpenSSL Certificate and Implement It in a Virtual Host

Here we will talk about how to create a new SSL certificate with OpenSSL and then how to implement it on a Linux server. Just follow this blog step by step.




Create the SSL Certificate with OpenSSL

First of all, install the OpenSSL package on your server. Use the following commands to install it and verify the installation.
sudo apt-get install openssl -y   # install OpenSSL
which openssl                     # verify installation
Create an empty folder, then create the certificate and private key in that folder with a command built from the following parts.
  • openssl: This is the command to use OpenSSL, a tool for working with cryptographic operations and certificates.

  • req: This tells OpenSSL that you want to perform certificate request-related operations.

  • -new: It means you want to create a new certificate request.

  • -newkey rsa:4096: This part tells OpenSSL to generate a new RSA private key with a size of 4096 bits. RSA is a type of cryptographic algorithm used for secure communication.

  • -x509: This option tells OpenSSL that you want to create a self-signed certificate, which means you're both the issuer and the subject of the certificate.

  • -days 365: Here, you specify that you want the certificate to be valid for 365 days, meaning it will expire after a year.

  • -nodes: This means you don't want to encrypt the private key with a passphrase, so the private key file is stored unprotected. If you want to add that protection layer, leave this option out of the final command.

  • -out MyCert.crt: This specifies the name of the output file where the certificate will be saved. In this case, it will be saved as "MyCert.crt."

  • -keyout Mykey.key: This specifies the name of the output file where the private key will be saved. In this case, it will be saved as "Mykey.key."

 So the final command is:

openssl req -new -newkey rsa:4096 -x509 -days 365 -nodes -out MyCert.crt -keyout Mykey.key
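
As an added example (not part of the original post), the script below runs the same command non-interactively and checks the result before Apache is pointed at it: the certificate and key hold the same public key, the certificate is not about to expire, and the key file is readable only by its owner. The host name learn-test.local, the -subj and -addext options (OpenSSL 1.1.1 or later), GNU stat, and the helper function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: OpenSSL 1.1.1+,
# GNU stat, and the constructed host name learn-test.local.

# make_cert DIR HOSTNAME [BITS]: the post's command, made non-interactive.
make_cert() {
    mkdir -p "$1" || return 1
    (   # umask in a subshell: the -nodes key is unencrypted, so create it 0600
        umask 077
        # -addext adds a subjectAltName, which browsers match instead of the CN
        openssl req -new -newkey "rsa:${3:-4096}" -x509 -days 365 -nodes \
            -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
            -out "$1/MyCert.crt" -keyout "$1/Mykey.key"
    )
}

# cert_matches_key CERT KEY: true when both files hold the same public key.
cert_matches_key() {
    cm_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    cm_key=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cm_cert" ] && [ "$cm_cert" = "$cm_key" ]
}

# cert_valid_for_days CERT DAYS: true when CERT is still valid DAYS from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# key_mode KEY: print the octal permission bits of the key file.
key_mode() { stat -c '%a' "$1"; }

# preflight CERT KEY: run every check and report the first problem found.
preflight() {
    cert_matches_key "$1" "$2"   || { echo "cert and key do not match"; return 1; }
    cert_valid_for_days "$1" 30  || { echo "cert expires within 30 days"; return 1; }
    [ "$(key_mode "$2")" = 600 ] || { echo "key is not mode 600"; return 1; }
    echo "ok"
}

# Demo in a throwaway directory (constructed input, removed afterwards).
demo_dir=$(mktemp -d)
make_cert "$demo_dir" learn-test.local &&
    preflight "$demo_dir/MyCert.crt" "$demo_dir/Mykey.key"
rm -rf "$demo_dir"
```

Run preflight again on the copies you reference from the virtual host file, since a mismatched pair or an unreadable key stops Apache from starting.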



Implement SSL in Virtual Host | Server

Go to the sites-available folder:

cd /etc/apache2/sites-available
Open the virtual host file in editing mode:

sudo vim leran-test.conf
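Now make the following changes in this file:
  • change port 80 to 443
  • add the line SSLEngine on
  • add the line SSLCertificateFile /etc/ssl/certs/YourCrtFileName.crt
  • add the line SSLCertificateKeyFile /etc/ssl/yourKeyFileName.key

Both paths must point to where the certificate and key files you created above are actually stored.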

 
Now enable the SSL module, disable the default SSL site, and reload the Apache service using the following commands:

sudo a2enmod ssl                   # enable the SSL module

sudo a2dissite default-ssl.conf    # disable the default SSL site

sudo systemctl reload apache2      # reload the Apache service

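Now open your domain over https and the site will be served with the new certificate. Because the certificate is self-signed, the browser will show a trust warning until you accept or import it.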




Thanks.
