Obtain and Configure SSL Certificates for a Linux Web Server in an AD CS Environment
Last updated: Nov 2, 2024
In this article I'll show you how to set up SSL certificates for a GNU/Linux web server in an AD CS environment. The aim is to have web servers on the corporate network secured by SSL, without the browser warning that self-signed certificates trigger.
I'll be using a Debian machine with an Apache HTTP Server, but this can be reproduced on any distribution and any web server.
Generating a Certificate Signing Request (CSR)
On the Debian server, create an openssl-san.cnf file. The example here is for a web server named webserver.std.local with the IP address 192.168.1.200. Note the different alternative names, which correspond to the different URLs that users can use to access the website.
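The request file and CSR generation described above, as an added example that is not the article's own file: it writes an openssl-san.cnf for webserver.std.local / 192.168.1.200, creates the key and CSR, and prints the alternative names embedded in the CSR so they can be checked before submission. The short name webserver, the 2048-bit RSA key, SHA-256 and the section names are assumptions.

```shell
#!/bin/sh
# Added example (not the article's file): SAN-bearing CSR for the article's host.
set -eu

HOST=webserver              # assumed short name users may type (https://webserver)
FQDN=webserver.std.local    # server name from the article
IP=192.168.1.200            # server address from the article

# Write the OpenSSL request config; every name users may browse to is a SAN.
write_san_cnf() {           # $1 = output path
  cat > "$1" <<EOF
[ req ]
default_bits       = 2048
default_md         = sha256
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = ${FQDN}

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = ${FQDN}
DNS.2 = ${HOST}
IP.1  = ${IP}
EOF
}

# Create the private key (owner-only permissions) and the CSR in directory $1.
make_csr() {
  write_san_cnf "$1/openssl-san.cnf"
  ( umask 077; openssl genrsa -out "$1/${FQDN}.key" 2048 2>/dev/null )
  openssl req -new -key "$1/${FQDN}.key" -out "$1/${FQDN}.csr" \
    -config "$1/openssl-san.cnf"
}

# Print the SAN list actually embedded in a CSR, to check before submitting it.
csr_sans() {                # $1 = CSR path
  openssl req -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n1 | sed 's/^ *//; s/ *$//'
}

# Usage: sh make-csr.sh <output-dir>
if [ "$#" -ge 1 ]; then
  make_csr "$1"
  csr_sans "$1/${FQDN}.csr"
fi
```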
Edit the configuration file of your Apache HTTPS site, for example /etc/apache2/sites-enabled/default-ssl.conf:
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/webserver.std.local.pem
SSLCertificateKeyFile /etc/ssl/private/webserver.std.local.key
From a machine in the domain, open a web browser and connect to the web server URL (https://webserver for example). You should no longer see the warning. From the web browser, you can check the certificate properties.