This uses a Microsoft Certificate Authority. If you want a self-signed SSL, check the bottom of the post.<\/p>\n
I needed to create a way for end users to go to a site (http:\/\/callmanager) and be able to login to their Cisco Callmanager page without receiving any certificate errors. Unfortunately the call manager device was named “imcm1”, and cisco won’t let me create a certificate for anything besides the device name. Our users were trained to use “callmanager” as the name. So I had two options:
\n1.) Re-Train employees to no longer use the easier to remember “callmanager” name
\n2.) Utilize an Ubuntu webserver to redirect the users where I want them to be
\nObviously I chose the much harder route – well it’s harder technically, but… yes.<\/p>\n
Using Ubuntu 10.04.1 LTS x32. I installed LAMP and SSH. This is on a domain (company.local) running windows 2003 and AD. There is a Certificate Authority installed on one of the domain controllers (2003 Enterprise). I use Putty and WinSCP.<\/p>\n
Update Ubuntu:<\/strong> Create the CSR:<\/strong> Country Name: US Copy The Certificate To Your Certificate Authority:<\/strong> Copy everything from “—–BEGIN CERTIFICATE REQUEST…” to “…END CERTIFICATE REQUEST—–” Convert And Install The Certificate On Ubuntu:<\/strong> Edit Apache To Support SSL:<\/strong> Finish The Redirect:<\/strong> Test! Works for me!<\/p>\n Create A Self-Signed Certificate: This uses a Microsoft Certificate Authority. If you want a self-signed SSL, check the bottom of the post. I needed to create a way for end users to go to a site (http:\/\/callmanager) and be able to login to their Cisco Callmanager page without receiving any certificate errors. Unfortunately the call manager device was named … Continue reading Add SSL To Apache2 Ubuntu<\/span>
\nI run everything as root. So su to root.
\napt-get update<\/code>
\napt-get upgrade<\/code>
\napt-get dist-upgrade<\/code><\/p>\n
\nmkdir \/etc\/apache2\/ssl
\ncd \/etc\/apache2\/ssl
\nopenssl genrsa -out callmanager.key 1024
\nchmod 640 callmanager.key
\nopenssl req -new -key callmanager.key -out callmanager.csr<\/code>
\nProvide your information:<\/p>\n
\nState: IL
\nCity: Chicago
\nOrganization Name: Company
\nOrganization Unit: IT
\nCommon Name: FQDN_Here! I used “callmanager”, but you may be utilizing “callmanager.domain.local”
\nEmail: blank
\nChallenge password: blank
\nOptional company: blank<\/p><\/blockquote>\n
\ncat callmanager.csr<\/code><\/p>\n
\nConnect to your certificate authority: http:\/\/certificateserver\/certsrv. My Win7 would not<\/u> work with a 2003 Server CA so I had to run it local on the server (http:\/\/localhost\/certsrv)
\nClick Request A Certificate
\nClick advanced certificate request
\nChoose the middle option (PKCS #10 or PKCS#7)
\nPaste what you copied above into the Saved Request area
\nChoose the certificate template “Webserver”
\nClick submit
\nClick Download certificate (DER encoding!)<\/p><\/blockquote>\n
\nCopy the .cer file (callmanager.cer) to your linux box in the \/etc\/apache2\/ssl directory
\nchmod 640 callmanager.cer
\nopenssl x509 -in callmanager.cer -inform d -out callmanager.pem
\nchmod 640 callmanager.pem<\/code><\/p>\n
\na2enmod ssl
\napache2ctl restart
\ncp \/etc\/apache2\/sites-available\/default-ssl ..\/sites-enabled\/
\nnano \/etc\/apache2\/sites-enabled\/default-ssl<\/code>
\nScroll down to “SSLCertificateFile \/etc\/ssl…”
\nChange the location to be \/etc\/apache2\/ssl\/callmanager.pem<\/code>
\nThen, scroll down to “SSLCertificateKeyFile \/etc\/ssl…”
\nChange the location to be \/etc\/apache2\/ssl\/callmanager.key<\/code><\/p>\n
\nUnder the SSLCertificate edits, I added the following:
\nServerName callmanager<\/code>
\nRedirect permanent \/ https:\/\/imcm1\/<\/code>
\nSave the file
\napache2ctl restart<\/code><\/p>\n
\nHopefully coming soon.<\/p>\n","protected":false},"excerpt":{"rendered":"