KBEC-00372 - Self-signed Apache certificate install

Article ID:360033189371

Summary

How to create and install a self-signed Apache certificate on an Electric CloudBees CD (CloudBees Flow) server.

Solution

  1. Generate a Private Key

The openssl tool can be used for this.

openssl genrsa -des3 -out server.key 2048

The command above creates your RSA private key. During execution you will be prompted to enter a pass phrase for the key.

Output of the command:

Generating RSA private key, 2048 bit long modulus
...............................+++
..................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

  2. Generate a Certificate Signing Request

Once the private key has been generated, a Certificate Signing Request (CSR) can be created from it.

openssl req -new -key server.key -out server.csr

You will be prompted to enter the following information:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
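
This CSR can be sent to a Certificate Authority, which will verify the identity of the requestor and issue a signed certificate.

  3. Remove Passphrase from key

Removing the passphrase from the key allows Apache to start without asking for it each time the service is started. The resulting server.key is no longer encrypted, so keep it readable only by its owner, as in the directory listing further down (server.key is -r--------).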

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

  4. Generate Self-signed Certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

  5. Back up your original Private Key and certificate

mv /opt/electriccloud/electriccommander/apache/conf/server.crt  /opt/electriccloud/electriccommander/apache/conf/server.crt.orig
mv /opt/electriccloud/electriccommander/apache/conf/server.csr  /opt/electriccloud/electriccommander/apache/conf/server.csr.orig
mv /opt/electriccloud/electriccommander/apache/conf/server.key  /opt/electriccloud/electriccommander/apache/conf/server.key.orig

  6. Copy newly generated Private Key and certificate

cp server.crt /opt/electriccloud/electriccommander/apache/conf
cp server.csr /opt/electriccloud/electriccommander/apache/conf
cp server.key /opt/electriccloud/electriccommander/apache/conf

Please make sure that these files have the same owner as all the other files in the electriccommander folder:

ls -la /opt/electriccloud/electriccommander/apache/conf/
total 272
drwxr-xr-x  3 build build  4096 Jul  3 19:22 .
drwxr-xr-x 12 build build  4096 Jul 10 14:17 ..
drwxr-xr-x  2 build build  4096 Jul  3 19:22 conf.d
-rw-r--r--  1 build build 26207 Jul  3 19:22 httpd.conf
-rw-rw-rw-  1 build build 26211 Jul  3 19:22 httpd.conf.orig
-rw-r--r--  1 build build 12958 Sep 13  2016 magic
-rw-r--r--  1 build build 53011 Sep 13  2016 mime.types
-rw-r--r--  1 build build 42250 Jul  3 19:22 php.ini
-rw-rw-rw-  1 build build 42261 Jul  3 19:22 php.ini.orig
-rw-r--r--  1 build build   875 Jul  3 19:22 server.crt
-rw-r--r--  1 build build   769 Jul  3 19:22 server.csr
-r--------  1 build build   887 Jul  3 19:22 server.key
-rw-r--r--  1 build build   534 Jul  3 19:22 serverssl.cnf
-rw-r--r--  1 build build 12410 Jul  3 19:22 ssl.conf
-rw-rw-rw-  1 build build 12417 Jul  3 19:22 ssl.conf.orig

  7. Restart commanderApache.

/etc/init.d/commanderApache stop
/etc/init.d/commanderApache start
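
The checks below can be run after copying the files and before restarting commanderApache. This is an added example, not part of the original article or of CloudBees tooling: the helper names check_cert_pair and owner_of are hypothetical, and the script assumes an openssl build that provides the pkey subcommand.

```shell
#!/bin/sh
# Added example: checks to run on a key/certificate pair before restarting Apache.
# check_cert_pair and owner_of are hypothetical helpers, not CloudBees or OpenSSL commands.

owner_of() { ls -ldn "$1" | awk '{print $3}'; }   # numeric UID owning a path

# Usage: check_cert_pair KEY CRT [REFERENCE_FILE]
# Returns 0 when every check passes, else the number of the first failed check.
check_cert_pair() {
    key=$1 crt=$2 ref=${3:-}

    # 1. Key must load without a passphrase, or Apache prompts at startup.
    #    A dummy -passin value stops openssl from prompting on encrypted keys.
    openssl pkey -in "$key" -noout -passin pass:dummy </dev/null 2>/dev/null || {
        echo "FAIL: $key is passphrase-protected or unreadable" >&2; return 1; }

    # 2. The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=
    [ -n "$crt_pub" ] && [ "$key_pub" = "$crt_pub" ] || {
        echo "FAIL: $crt does not match $key" >&2; return 2; }

    # 3. The certificate must not already be expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: $crt has expired" >&2; return 3; }

    # 4. An unencrypted key must have no group/other permission bits set.
    [ "$(ls -ldn "$key" | cut -c5-10)" = "------" ] || {
        echo "FAIL: $key is accessible to group or others" >&2; return 4; }

    # 5. Optional: key and certificate owned by the same user as REFERENCE_FILE.
    if [ -n "$ref" ]; then
        want=$(owner_of "$ref")
        [ "$(owner_of "$key")" = "$want" ] && [ "$(owner_of "$crt")" = "$want" ] || {
            echo "FAIL: owner differs from $ref" >&2; return 5; }
    fi
    echo "OK: $key and $crt are consistent"
}

# Example call against the paths used in this article:
#   conf=/opt/electriccloud/electriccommander/apache/conf
#   check_cert_pair "$conf/server.key" "$conf/server.crt" "$conf/httpd.conf"
```

A return code of 2 means server.crt was generated from a different key than the server.key now in place, which is the usual result of copying only one of the two files.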