KfWiki : ApacheSSL


Revision [1914]

Most recent edit made on 2008-09-01 19:03:06 by WikiAdmin

Additions:
Openssl as a client
openssl s_client -connect www.domain.com:443
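Review bot: the added `openssl s_client -connect www.domain.com:443` line gives s_client no trust anchor, so a certificate signed by the private CA built on this page will show a verification error even when the server is set up correctly. Suggest adding `-CAfile ca.crt`, plus `-servername www.domain.com` when the host is a name-based virtual host, so the output shows whether the chain verifies.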




Revision [1871]

Edited on 2008-08-05 02:31:32 by WikiAdmin

Additions:

ServerAdmin secure@x.com
DocumentRoot "/home/sites/secure.x.com/web"
ServerName secure.x
ErrorLog /home/sites/logs/secure.x.com.err
CustomLog /home/sites/logs/secure.x.com.log combined
DirectoryIndex index.html index.jsp
<Directory "/home/sites/secure.x.com/web">
Order allow,deny
Allow from all
</Directory>
# SSL Config
SSLEngine On
SSLCipherSuite HIGH:MEDIUM:!LOW:!EXP:!NULL
SSLCertificateChainFile /home/sites/secure.x.com/ca.crt
SSLCertificateFile /home/sites/secure.x.com/snakeoil.crt
SSLCertificateKeyFile /home/sites/secure.x.com/snakeoil.key.pem


Deletions:

ServerAdmin secure@x.com
DocumentRoot "/home/sites/secure.x.com/web"
ServerName secure.x
ErrorLog /home/sites/logs/secure.x.com.err
CustomLog /home/sites/logs/secure.x.com.log combined
DirectoryIndex index.html index.jsp
<Directory "/home/sites/secure.x.com/web">
Order allow,deny
Allow from all
</Directory>
# SSL Config
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateChainFile /home/sites/secure.x.com/ca.crt
SSLCertificateFile /home/sites/secure.x.com/snakeoil.crt
SSLCertificateKeyFile /home/sites/secure.x.com/snakeoil.key.pem
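Review bot: the new SSLCipherSuite line under Additions drops the `!ADH` exclusion that the deleted line carried, and `!NULL` only removes the no-encryption suites, so the anonymous (unauthenticated) key-exchange suites that OpenSSL groups under HIGH can still be offered. Suggest appending `!aNULL`, for example `SSLCipherSuite HIGH:MEDIUM:!LOW:!EXP:!NULL:!aNULL`. The block also sets no SSLProtocol directive, so the protocol versions offered are left to the server default; stating it next to the cipher list would make the intent explicit.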




Revision [1507]

Edited on 2008-03-18 18:51:19 by WikiAdmin

Additions:
openssl genrsa -out server.key 4096




Revision [1189]

Edited on 2007-11-26 18:59:17 by WikiAdmin

Additions:
openssl req -new -x509 -key server.key -out server.crt -days 360 -set_serial 200711


Deletions:
openssl req -new -x509 -key server.key -out server.crt -days 360




Revision [708]

Edited on 2007-06-13 20:34:37 by WikiAdmin

Additions:
If you do not wish to go through the CSR process, and do not wish to have separate private keys for your CA cert and server cert
openssl req -new -x509 -key server.key -out server.crt -days 360
The longer version - First, generate a CA certificate


Deletions:
First, generate a CA certificate




Revision [575]

Edited on 2007-05-21 22:11:39 by WikiAdmin

Additions:
Add virtual host configuration
%%(apache)
NameVirtualHost 63.131.133.217:443
<VirtualHost 63.131.133.217:443>
ServerAdmin secure@x.com
DocumentRoot "/home/sites/secure.x.com/web"
ServerName secure.x
ErrorLog /home/sites/logs/secure.x.com.err
CustomLog /home/sites/logs/secure.x.com.log combined
DirectoryIndex index.html index.jsp
<Directory "/home/sites/secure.x.com/web">
Order allow,deny
Allow from all
</Directory>
# SSL Config
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateChainFile /home/sites/secure.x.com/ca.crt
SSLCertificateFile /home/sites/secure.x.com/snakeoil.crt
SSLCertificateKeyFile /home/sites/secure.x.com/snakeoil.key.pem
</VirtualHost>
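Review bot: the SSLCipherSuite string in this virtual host starts from `ALL` and only reorders `LOW`, `SSLv2` and `EXP` with the `+` prefix, which moves those suites to the end of the preference list but leaves them enabled. Suggest naming only the strength classes that should be offered and excluding the rest with `!`, and documenting next to the directive why the list was chosen.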




Revision [355]

The oldest known version of this page was edited on 2007-04-25 00:04:31 by WikiAdmin


Generate a self-signed certificate

First, generate a CA certificate
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt


Then generate a server private key and a CSR. Do not use the same common name as your CA.
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr


Sign your CSR with your CA certificate
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt


Remove the passphrase from your server private key
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key


Examine your certificates and keys
openssl rsa -noout -text -in server.key
openssl req -noout -text -in server.csr
openssl rsa -noout -text -in ca.key
openssl x509 -noout -text -in ca.crt
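
The steps above as one non-interactive script, followed by two checks the page does not show: that server.crt verifies against ca.crt, and that server.crt and server.key belong together. This is an added example, not part of the wiki page; the subject names, the pass phrase, the directory argument and the function names are constructed placeholders, and the server key is created without a pass phrase as in the later revision.

```shell
#!/bin/sh
# Added example, not from the wiki page. Subjects, pass phrase and paths are
# constructed placeholders.

# build_chain DIR [BITS]: run the CA -> key -> CSR -> sign steps without prompts.
build_chain() {
    dir=$1
    bits=${2:-4096}
    pass='pass:example-only'   # placeholder; use a prompt or -passout file: in practice
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077              # new key files readable by the owner only
        # CA key (pass phrase protected) and self-signed CA certificate
        openssl genrsa -des3 -passout "$pass" -out ca.key "$bits" 2>/dev/null &&
        openssl req -new -x509 -days 365 -key ca.key -passin "$pass" \
            -subj '/O=Example/CN=Example Test CA' -out ca.crt &&
        # Server key without a pass phrase, and a CSR whose CN differs from the CA's
        openssl genrsa -out server.key "$bits" 2>/dev/null &&
        openssl req -new -key server.key \
            -subj '/O=Example/CN=secure.example.test' -out server.csr &&
        # Sign the CSR with the CA key
        openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
            -passin "$pass" -set_serial 01 -out server.crt 2>/dev/null
    )
}

# chain_ok DIR: succeeds if server.crt verifies against ca.crt.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# key_matches DIR: succeeds if server.crt and server.key share one RSA modulus,
# i.e. the SSLCertificateFile and SSLCertificateKeyFile belong together.
key_matches() {
    crt=$(openssl x509 -noout -modulus -in "$1/server.crt") || return 1
    key=$(openssl rsa -noout -modulus -in "$1/server.key" 2>/dev/null) || return 1
    [ -n "$crt" ] && [ "$crt" = "$key" ]
}

# Usage: build_chain ./pki && chain_ok ./pki && key_matches ./pki && echo OK
```

Running key_matches before reloading Apache catches a certificate paired with the wrong key file.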