Requirements
You’ll need a Certificate Authority. To create your own, follow these steps: Certificates - Quick Certificate Authority setup
Set Up the server SSL Certificate
y%20setup.md)shell openssl genrsa -out httpd.key 2048
2. **Create a Certificate Signing Request (CSR)**
Create a configuration file `httpd_openssl.cnf`:
```shell
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
C = AU
ST = Some-State
L = Some-City
O = Your-Organization
CN = 192.168.3.2
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
IP.1 = 192.168.3.2
DNS.1 = your.hostname
- Generate the CSR using this configuration file
openssl req -new -key httpd.key -out httpd.csr -config httpd_openssl.cnfCA-side
- Sign the CSR with the CA to create the server Certificate
openssl x509 -req -in httpd.csr -CA ~/myCA/myCA.crt -CAkey ~/myCA/myCA.key \
-CAcreateserial -out httpd.crt -days 365 -sha256 \
-extfile httpd_openssl.cnf -extensions req_extThis signs the GLPI server CSR with the CA’s private key and certificate to create the GLPI server certificate (glpi.crt).
- Create a Full Chain Certificate
Concatenate the GLPI server certificate and the CA certificate:
cat glpi.crt ~/myCA/myCA.crt > glpi_fullchain.crtConfigure Apache
Server-side
- Copy Certificates to Appropriate Locations
sudo cp httpd.key /etc/ssl/private/
sudo cp httpd_fullchain.crt /etc/ssl/certs/- Update Apache Configuration
Edit the Apache virtual host configuration to use the new certificates:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/glpi_fullchain.crt
SSLCertificateKeyFile /etc/ssl/private/glpi.key
[...]For web-browsing
If you import the CA certificate in your favorite browser (or in your OS), you will not get a “self-signed” alert when connecting to your website if it has a self-signed certificate.