Difference between revisions of "SSL Certificate"

Fuente: www.akadia.com/services/ssh_test_certificate.html

Generate self signed certificate

1. Generate a Private Key

    openssl genrsa -des3 -out server.key 1024
   

    openssl genrsa -aes256 -out server.key 4096
   

   (better security)

2. Generate a CSR (Certificate Signing Request)

   openssl req -new -key server.key -out server.csr
   

   (YOUR name must be the fully qualified domain name ej: wiki.herrerosolis.com)

3. Remove passphrase from key

   cp server.key server.key.org && openssl rsa -in server.key.org -out server.key
   

   -rw-r----- 1 root ssl-cert 891 Jun 29 13:22 server.key
   -rw-r--r-- 1 root ssl-cert 891 Jun 29 13:22 server.crt

4. Generate Self-Signed Certificate

   openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
   

   will generate a temporary certificate which is good for 365 days

5. Installing the Private Key and Certificate
   • Apache:
   1. Copy server.crt and server.key to apache conf ssl path chmod 640 to .key and 644 to .crt

      cp server.crt /usr/local/apache/conf/ssl.crt # ALTERNATIVE: /etc/ssl/certs
      cp server.key /usr/local/apache/conf/ssl.key #ALTERNATIVE: /etc/ssl/private 

      Apache mod_ssl installed required, path may differ depending on apache how apache was compiled

   2. Configure Configuring SSL Enabled Virtual Hosts

      SSLEngine on
      SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
      SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
      SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
      CustomLog logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

   3. Secure SSL

      sudo nano /etc/apache2/mods-enable/ssl.conf
      SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
      SSLHonorCipherOrder on
      SSLProtocol TLSv1.2
      SSLCompression off

   4. Restart Apache and test
   • Django (Nginx-Gunicorn)
   1. TODO!