SSL Web Server
Generate Certificates
Method 1: 不需要 CA 的憑證
mkdir /etc/apache2/certs
cd /etc/apache2/certs
openssl genrsa -out myhomepbx.key 2048
openssl req -new -key myhomepbx.key -out myhomepbx.csr
openssl x509 -req -days 3650 -in myhomepbx.csr -signkey myhomepbx.key -out myhomepbx.crt
Method 2: 需要 CA 的憑證
# generate CA
cd /etc/ssl/homepbx-certs
openssl req -new -x509 -extensions v3_ca -keyout ca.key -out ca.crt -days 3650
# generate Server certificates
cp /etc/ssl/openssl.conf ./openssl.homepbx.cnf
touch index.txt
echo '01' > serial
openssl genrsa -out server.key 2048
openssl req -config openssl.homepbx.cnf -new -keynodes -keyout server.key -out server.csr
openssl ca -config openssl.homepbx.cnf -days 3650 -in server.csr -out server.crt
Apache Setup