Differences

This shows you the differences between two versions of the page.

--- tech:ssl [2013/06/02 17:18]
krisa created
+++ tech:ssl [2014/06/24 05:40] (current)
@@ Line 1: / Line 1: @@
+====== Generating and Placing Self-Signed Key ======
+<code>
+Generating a quick and dirty key
+This is not complete for setting up a proper certificate.
+openssl genrsa -out fqdn.website.key 2048
+openssl req -new -key fqdn.website.key -out fqdn.website.csr -subj '/C=US/ST=Oregon/L=Portland/O=OpenSourcery/CN=fqdn.hostname.com'
+openssl x509 -req -days 60 -in fqdn.website.csr -signkey fqdn.website.key -out fqdn.website.pem
+Placing keys/certs
+    * Name the key/csr/crt after what the FQDN of the virtualhost will be (or mail server)... mail.opensourcery.com.crt, www.opensourcery.com.crt, etc.
+    * If more than one key/crt will be used on the server create additional groups such as "sslweb" "sslmail" and make this the group of the individual files under the certs/private directories.
+/etc/ssl/certs
+drwxr-xr-x 2 root root 8744 Jul 20 19:01 certs
+-rw-r--r-- 1 root root 1667 Jul 20 18:59 trillian.opensourcery.com.pem
+/etc/ssl/private
+drwxr-x--- 2 root ssl 176 Jan 29 2006 private
+-r--r----- 1 root ssl 1139 Jul 4 2005 trillian.opensourcery.com.csr
+-r--r----- 1 root ssl 1679 Nov 27 2004 trillian.opensourcery.com.key
+Make user www-data a part of the ssl group.
+</code>
+====== Apache2 Configuration ======
+<code>
+##
+# APACHE2
+#
+    SSLEngine               On
+    SSLProtocol             -all +TLSv1 +SSLv3
+    SSLCipherSuite          HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH
+    SSLProxyEngine          Off
+    SSLCertificateKeyFile   /etc/ssl/private/www.subtend.net.key
+    SSLCertificateFile      /etc/ssl/certs/www.subtend.net.pem
+    <Directory />
+        Options FollowSymLinks
+        AllowOverride None
+        SSLRequireSSL
+    </Directory>
+</code>

subtend

User Tools

Site Tools

Differences

Page Tools