CODEWITHSUNDEEP
apachesslhttpscertificateself-signed
Link
Link

Reputation: 709

Ignoring self signed certificate on apache

The main idea is i want to upgrade my real webpage to https, but it's in production and i want to make this upgrade in my local server to be sure it's working properly and after that move all changes to production. So i'm trying to create local https website but my browser Google Chrome give me error. I wrote this commands in my linux terminal for creating self signed certificate

    sudo openssl req -new -sha256 -out new.ssl.csr
    sudo openssl rsa -in privkey.pem -out new.cert.key
    sudo openssl x509 -in new.ssl.csr -out new.cert.cert -req -signkey new.cert.key -days 256
    sudo cp new.cert.cert /etc/ssl/certs/server.crt
    sudo cp new.cert.key /etc/ssl/private/server.key

And i changed my host configuration file like this


    VirtualHost *:80
        ServerName localsite
        DocumentRoot /var/www/localsite

        ErrorLog ${APACHE_LOG_DIR}/localsite_error.log
        CustomLog ${APACHE_LOG_DIR}/localsite_access.log combined
    VirtualHost

    VirtualHost *:443
        ServerAdmin [email protected]
        ServerName localsite.local
        DocumentRoot /var/www/localsite

        ErrorLog ${APACHE_LOG_DIR}/localsite_error.log
        CustomLog ${APACHE_LOG_DIR}/localsite_access.log combined

        SSLEngine on
        SSLOptions +StrictRequire
        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
    VirtualHost

    sudo service apache2 restart

And after it i export certificate from my file and import it to Google Chrome and still having ERR_CERT_AUTHORITY_INVALID error. What i'm doing wrong?

Upvotes: 1

Views: 2329

Answers (2)

softninja
softninja

Reputation: 197

If you use self signed certificate, browsers will alert you error like that.

So you should use certificate signed by known authorities. I have ever used letsencrypt.

For that, you should purchase your own domain name for your site at first.

Upvotes: 0

Stephan Vierkant
Stephan Vierkant

Reputation: 10174

I used this tutorial to create a self-signed certificate. It looks like what you did to create one.

I forgot to fill in the Common Name (e.g. server FQDN or YOUR name). You can leave all fields empty, but this one should be answered. In your example, it should be localsite.local.

After creating your certificate, upload it to chrome://settings/certificates and the padlock will turn green.

Upvotes: 1

Related Questions