Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
wiki:ssl_cert [2010/05/02 15:06] rgareuswiki:ssl_cert [2013/06/02 15:45] (current) – external edit 127.0.0.1
Line 9: Line 9:
 Our root certificate: {{:wiki:ca.crt|ca.crt}} (to be submitted to [[http://www.mozilla.org/projects/security/certs/|mozilla.org]] for inclusion in Firefox). Our root certificate: {{:wiki:ca.crt|ca.crt}} (to be submitted to [[http://www.mozilla.org/projects/security/certs/|mozilla.org]] for inclusion in Firefox).
  
 +Create your server=certificate (if you have not yet done so):
 +  SERVER=severname
 +  openssl genrsa -des3 -out $SERVER.key 4096
 +
 +To have your certificate signed by us: prepare a CSR (Certificate Signing Request):
 +  openssl req -new -key $SERVER.key -out $SERVER.csr
 +
 +*We* will sign the CSR:
 +  CA=ca
 +  openssl x509 -req -days 365 -in $SERVER.csr -CA $CA.crt -CAkey $CA.key -set_serial 01 -out $SERVER.crt
 +
 +and pass the CRT (signed server certificate) back to you..
 +
 +You'll want to unlock server key - so that no password is required when starting the server: 
 +  openssl rsa -in $SERVER.key -out $SERVER.key.insecure
 +  mv $SERVER.key $SERVER.key.secure
 +  mv $SERVER.key.insecure $SERVER.key
 +  chmod 0600 $SERVER.key
 +
 +and edit your apache config adding these:
 +  SSLEngine On
 +  SSLCertificateFile /path/to/filename.crt
 +  SSLCertificateKeyFile /path?to/filename.key
 +
 +more information at %%http://www.tc.umn.edu/~brams006/selfsign.html%% and %%http://httpd.apache.org/docs/2.0/ssl/%%
  
 ===== GPG/PGP key signing ===== ===== GPG/PGP key signing =====
wiki/ssl_cert.1272805618.txt.gz · Last modified: 2010/05/02 15:06 by rgareus