Https/SSL Certificate and setup in Opensuse Leap 42.1

Hello,

I loaded leap into a virtual machine to test a webserver setup. Below were the steps and issue I encountered
Installed leap with web server option
Utilized YAST to setup the initial HTTP apache2 setup
Verified I could get to the “It works page” HTTP://myIP
Enabled SSL module via yast
In listen.config file enabled listing to port 443
Tried to verify in web browser HTTPS://myip. Result was an error message that connection could not be established.

I tried to setup a self signed certificate by running the following ./mkcert.sh make --no-print-directory /usr/bin/openssl /usr/sbin/ custom in the correct directory as outlined in the suse admin documentation.
When I type the above command I receive the error that ./mkcert.sh command does not exist.

Is the above command still correct or do I setup a cert with a different command and what are the correct steps afterwards?

Thank you,

Don’t worry. I don’t remember that thing ever working for me. I just work around it. I manually generate a key with

openssl genrsa -out /etc/apache2/ssl.key/my.key 2048

and then use it to create a self-signed certificate

openssl req -new -x509 -key /etc/apache2/ssl.key/my.key -out /etc/apache2/ssl.crt/my.crt -days 548

I’ve also never been able to use YaST to tell Apache to actually use the certificate and key, but hopefully this is something that works smoothly in Leap; I don’t know because I’ve not tried it yet. I normally just edit the Apache2 config files manually, but it might be worth checking to see if you can set it up through YaST. It’s been a while since I did it last, but I seem to remember that you have to make some config changes through YaST, otherwise they just get wiped out after some updates to Apache.

I’ll just leave it at that for now 'cause I don’t really want to try and advise you how to modify a version of OpenSuse that I’ve never even used. Hopefully, that’s enough to get you going, but feel free to post back if you need more help. I’m sure there’ll be plenty of people that have used the Leap version that can be more helpful.

Thanks,
I was able to confirm this worked for creating the keys and created the myssl-host.conf in vhost.d folder. I verified when entering https://localhost in a web browser it displays “It works!”.

Glad to hear that helped. The certificate that the above command produces will last for about 18 months. If you want to change how long it is valid for, simply change the last option -days to something else.