If you want to have SSL enabled on your webserver, you may want to generate self signed certificates.
- cd ~
- mkdir ssl
- openssl genrsa -des3 -out server.key 4096
- openssl req -new -key server.key -out server.csr
- openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- openssl rsa -in server.key -out server.key.insecure
- mv server.key server.key.secure
- mv server.key.insecure server.key
Step 3: Generating the key, use any pass phrase.
Step 4: Creating the certificate signing request
Step 5: Signing the certificate signing request
Step 6: Making a key that has no pass phrase
Note: Ensure that all keys are not readable to others. chmod 700 the ssl directory and chmod 600 all the keys.
To install the key on a litespeed web server
- create a new listener, call it for example, ‘secure’
- go to the ssl tab and specify the following values:
- Private Key File: $SERVER_ROOT/ssl/server.key
- Certificate File: $SERVER_ROOT/ssl/server.crt
- Chained Certificate: no
- CA Certificate Path: $SERVER_ROOT/ssl
- CA Certificate File: Not Set
- Copy the entire ssl directory generated above to the litespeed server root
- Chmod the entire ssl directory to 700, and chmod the keys to 600
- Chown/Chgroup the entire ssl directory to the lsadm user