This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
wiki:ssl_cert [2010/05/02 15:06]
wiki:ssl_cert [2013/06/02 15:45] (current)
Line 9: Line 9:
 Our root certificate:​ {{:​wiki:​ca.crt|ca.crt}} (to be submitted to [[http://​www.mozilla.org/​projects/​security/​certs/​|mozilla.org]] for inclusion in Firefox). Our root certificate:​ {{:​wiki:​ca.crt|ca.crt}} (to be submitted to [[http://​www.mozilla.org/​projects/​security/​certs/​|mozilla.org]] for inclusion in Firefox).
 +Create your server=certificate (if you have not yet done so):
 +  SERVER=severname
 +  openssl genrsa -des3 -out $SERVER.key 4096
 +To have your certificate signed by us: prepare a CSR (Certificate Signing Request):
 +  openssl req -new -key $SERVER.key -out $SERVER.csr
 +*We* will sign the CSR:
 +  CA=ca
 +  openssl x509 -req -days 365 -in $SERVER.csr -CA $CA.crt -CAkey $CA.key -set_serial 01 -out $SERVER.crt
 +and pass the CRT (signed server certificate) back to you..
 +You'll want to unlock server key - so that no password is required when starting the server: ​
 +  openssl rsa -in $SERVER.key -out $SERVER.key.insecure
 +  mv $SERVER.key $SERVER.key.secure
 +  mv $SERVER.key.insecure $SERVER.key
 +  chmod 0600 $SERVER.key
 +and edit your apache config adding these:
 +  SSLEngine On
 +  SSLCertificateFile /​path/​to/​filename.crt
 +  SSLCertificateKeyFile /​path?​to/​filename.key
 +more information at %%http://​www.tc.umn.edu/​~brams006/​selfsign.html%% and %%http://​httpd.apache.org/​docs/​2.0/​ssl/​%%
 ===== GPG/PGP key signing ===== ===== GPG/PGP key signing =====
wiki/ssl_cert.1272805618.txt.gz ยท Last modified: 2010/05/02 15:06 by rgareus