This article will guide you on creating a custom Self-signed SSL Certificate in no time. For creating one you would need top have Root access to the host. SSL Certificate is used for securing the access to a website or any apache based WebUI you use and that includes Nagios and Cacti.
First would need to generate the custom certificate files. That would include creating 3 files for it.
Then would need to generate the SSLCertificate file “/etc/pki/tls/”
# cd /etc/pki/tls
# openssl genrsa -out test-server.hm.local.key 2048
# openssl req -new -key test-server.hm.local.key -out test-server.hm.local.csr
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:GB State or Province Name (full name) :State Locality Name (eg, city) [Default City]:NewCity Organization Name (eg, company) [Default Company Ltd]:Vizio Ltd. Organizational Unit Name (eg, section) :DEV Common Name (eg, your name or your server's hostname) :Nagios and Cacti Server Email Address :[email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password :password An optional company name :Vizio Ltd
# openssl x509 -req -days 1095 -in test-server.hm.local.csr -signkey test-server.hm.local.key -out test-server.hm.local.crt
And then move the Key, CSR and Cert to the TLS folder on the host
# mv test-server.hm.local.crt /etc/pki/tls/certs/
# mv test-server.hm.local.key /etc/pki/tls/private/
# mv test-server.hm.local.csr /etc/pki/tls/private/
Reflect the location of the newly generated Certs by editing “ssl.conf”
NOTE: If there is no “ssl.conf” then you need to install openssl.
# yum -y install openssl openssl-devel mod_ssl
# vi /etc/httpd/conf.d/ssl.conf
Lastly Restart Apache Service for the Cert to be navigated and picked up
# service httpd restart