Difference between revisions of "SSL Certificate"
Jump to navigation
Jump to search
Rafahsolis (talk | contribs) (Created page with "Fuente: www.akadia.com/services/ssh_test_certificate.html == Generate self signed certificate == # Generate a Private Key #:<source lang="bash"> openssl genrsa -des3 -out serv...") |
Rafahsolis (talk | contribs) |
||
| Line 2: | Line 2: | ||
== Generate self signed certificate == | == Generate self signed certificate == | ||
# Generate a Private Key | # Generate a Private Key | ||
| − | #:<source lang="bash"> openssl genrsa -des3 -out server.key 1024</source> | + | #:<source lang="bash"> openssl genrsa -des3 -out server.key 1024 </source> |
| − | # | + | # Generate a CSR (Certificate Signing Request) |
| + | #:<source lang="bash">openssl req -new -key server.key -out server.csr</source> (YOUR name must be the fully qualified domain name ej: wiki.herrerosolis.com) | ||
| + | # Remove passphrase from key | ||
| + | #:<source lang="bash">cp server.key server.key.org && openssl rsa -in server.key.org -out server.key</source>-rw-r--r-- 1 root root 891 Jun 29 13:22 server.key | ||
| + | # Generate Self-Signed Certificate | ||
| + | #:<source lang="bash">openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt</source>will generate a temporary certificate which is good for 365 days | ||
| + | # Installing the Private Key and Certificate | ||
| + | #* Apache: | ||
| + | ## Copy server.crt and server.key to apache conf ssl path | ||
| + | ##:<pre> | ||
| + | ##:: cp server.crt /usr/local/apache/conf/ssl.crt | ||
| + | ##:: cp server.key /usr/local/apache/conf/ssl.key</pre>Apache mod_ssl installed required, path may differ depending on apache how apache was compiled | ||
| + | ## Configure Configuring SSL Enabled Virtual Hosts | ||
| + | ##:<pre> | ||
| + | ##:: SSLEngine on | ||
| + | ##:: SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt | ||
| + | ##:: SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key | ||
| + | ##:: SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown | ||
| + | ##:: CustomLog logs/ssl_request_log \ | ||
| + | ##:: "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"</pre> | ||
| + | ## Restart Apache and test | ||
| + | #* Django (Nginx-Gunicorn) | ||
| + | ## TODO! | ||
Revision as of 14:19, 2 March 2016
Fuente: www.akadia.com/services/ssh_test_certificate.html
Generate self signed certificate
- Generate a Private Key
openssl genrsa -des3 -out server.key 1024
- Generate a CSR (Certificate Signing Request)
- (YOUR name must be the fully qualified domain name ej: wiki.herrerosolis.com)
openssl req -new -key server.key -out server.csr
- Remove passphrase from key
- -rw-r--r-- 1 root root 891 Jun 29 13:22 server.key
cp server.key server.key.org && openssl rsa -in server.key.org -out server.key
- Generate Self-Signed Certificate
- will generate a temporary certificate which is good for 365 days
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- Installing the Private Key and Certificate
- Apache:
- Copy server.crt and server.key to apache conf ssl path
- cp server.crt /usr/local/apache/conf/ssl.crt
- cp server.key /usr/local/apache/conf/ssl.key
- Configure Configuring SSL Enabled Virtual Hosts
- SSLEngine on
- SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
- SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
- SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
- CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
- Restart Apache and test
- Django (Nginx-Gunicorn)
- TODO!