This shows you the differences between two versions of the page.
tech:ssl [2013/06/02 17:18] krisa created |
tech:ssl [2014/06/24 05:40] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Generating and Placing Self-Signed Key ====== | ||
+ | < | ||
+ | Generating a quick and dirty key | ||
+ | This is not complete for setting up a proper certificate. | ||
+ | |||
+ | openssl genrsa -out fqdn.website.key 2048 | ||
+ | openssl req -new -key fqdn.website.key -out fqdn.website.csr -subj '/ | ||
+ | openssl x509 -req -days 60 -in fqdn.website.csr -signkey fqdn.website.key -out fqdn.website.pem | ||
+ | |||
+ | Placing keys/certs | ||
+ | |||
+ | * Name the key/csr/crt after what the FQDN of the virtualhost will be (or mail server)... mail.opensourcery.com.crt, | ||
+ | * If more than one key/crt will be used on the server create additional groups such as " | ||
+ | |||
+ | |||
+ | / | ||
+ | drwxr-xr-x 2 root root 8744 Jul 20 19:01 certs | ||
+ | -rw-r--r-- 1 root root 1667 Jul 20 18:59 trillian.opensourcery.com.pem | ||
+ | |||
+ | / | ||
+ | drwxr-x--- 2 root ssl 176 Jan 29 2006 private | ||
+ | -r--r----- 1 root ssl 1139 Jul 4 2005 trillian.opensourcery.com.csr | ||
+ | -r--r----- 1 root ssl 1679 Nov 27 2004 trillian.opensourcery.com.key | ||
+ | |||
+ | Make user www-data a part of the ssl group. | ||
+ | </ | ||
+ | |||
+ | ====== Apache2 Configuration ====== | ||
+ | |||
+ | < | ||
+ | ## | ||
+ | # APACHE2 | ||
+ | # | ||
+ | SSLEngine | ||
+ | SSLProtocol | ||
+ | SSLCipherSuite | ||
+ | SSLProxyEngine | ||
+ | SSLCertificateKeyFile | ||
+ | SSLCertificateFile | ||
+ | |||
+ | < | ||
+ | Options FollowSymLinks | ||
+ | AllowOverride None | ||
+ | SSLRequireSSL | ||
+ | </ | ||
+ | </ |
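Review bot: The last step of the key-placement block, "Make user www-data a part of the ssl group", gives the web server's worker account read access to the private key, which the listing shows as group-readable by ssl (-r--r----- 1 root ssl ... trillian.opensourcery.com.key). When Apache is started as root, the parent process reads SSLCertificateKeyFile before the workers drop to www-data, so this membership is not needed for the Apache2 configuration that follows. With it in place, any script or module running as www-data can read the key. Suggest dropping that line for the Apache case and keeping the ssl group only for daemons that open the key after they have dropped privileges. It would also help to note next to the openssl x509 line that -days 60 makes the certificate expire after 60 days, so readers know it must be regenerated.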