Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
wiki:ssl_cert [2010/05/02 15:06] rgareuswiki:ssl_cert [2010/05/02 15:29] rgareus
Line 9: Line 9:
 Our root certificate: {{:wiki:ca.crt|ca.crt}} (to be submitted to [[http://www.mozilla.org/projects/security/certs/|mozilla.org]] for inclusion in Firefox). Our root certificate: {{:wiki:ca.crt|ca.crt}} (to be submitted to [[http://www.mozilla.org/projects/security/certs/|mozilla.org]] for inclusion in Firefox).
  
 +Create your server=certificate (if you have not yet done so):
 +  SERVER=severname
 +  openssl genrsa -des3 -out $SERVER.key 4096
 +
 +To have your certificate signed by us: prepare a CSR (Certificate Signing Request):
 +  openssl req -new -key $SERVER.key -out $SERVER.csr
 +
 +*We* will sign the CSR:
 +  CA=ca
 +  openssl x509 -req -days 365 -in $SERVER.csr -CA $CA.crt -CAkey $CA.key -set_serial 01 -out $SERVER.crt
 +
 +and pass the CRT (signed server certificate) back to you..
 +
 +You'll want to unlock server key - so that no password is required when starting the server: 
 +  openssl rsa -in $SERVER.key -out $SERVER.key.insecure
 +  mv $SERVER.key $SERVER.key.secure
 +  mv $SERVER.key.insecure $SERVER.key
 +  chmod 0600 $SERVER.key
 +
 +and edit your apache config adding these:
 +  SSLEngine On
 +  SSLCertificateFile /path/to/filename.crt
 +  SSLCertificateKeyFile /path?to/filename.key
 +
 +more information at %%http://www.tc.umn.edu/~brams006/selfsign.html%% and %%http://httpd.apache.org/docs/2.0/ssl/%%
  
 ===== GPG/PGP key signing ===== ===== GPG/PGP key signing =====
wiki/ssl_cert.txt · Last modified: 2013/06/02 15:45 by 127.0.0.1