Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
wiki:ssl_cert [2010/05/02 15:06] – rgareus | wiki:ssl_cert [2013/06/02 15:45] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 9: | Line 9: | ||
Our root certificate: | Our root certificate: | ||
+ | Create your server=certificate (if you have not yet done so): | ||
+ | SERVER=severname | ||
+ | openssl genrsa -des3 -out $SERVER.key 4096 | ||
+ | |||
+ | To have your certificate signed by us: prepare a CSR (Certificate Signing Request): | ||
+ | openssl req -new -key $SERVER.key -out $SERVER.csr | ||
+ | |||
+ | *We* will sign the CSR: | ||
+ | CA=ca | ||
+ | openssl x509 -req -days 365 -in $SERVER.csr -CA $CA.crt -CAkey $CA.key -set_serial 01 -out $SERVER.crt | ||
+ | |||
+ | and pass the CRT (signed server certificate) back to you.. | ||
+ | |||
+ | You'll want to unlock server key - so that no password is required when starting the server: | ||
+ | openssl rsa -in $SERVER.key -out $SERVER.key.insecure | ||
+ | mv $SERVER.key $SERVER.key.secure | ||
+ | mv $SERVER.key.insecure $SERVER.key | ||
+ | chmod 0600 $SERVER.key | ||
+ | |||
+ | and edit your apache config adding these: | ||
+ | SSLEngine On | ||
+ | SSLCertificateFile / | ||
+ | SSLCertificateKeyFile / | ||
+ | |||
+ | more information at %%http:// | ||
===== GPG/PGP key signing ===== | ===== GPG/PGP key signing ===== |