3. SSL

Created Thursday 09 January 2014

https://help.ubuntu.com/12.04/serverguide/httpd.html#https-configuration
https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html

  1. Enable SSL module:
    1. sudo a2enmod ssl
    2. sudo service apache2 restart
  2. Generating CSR (Certificate Signing Request):
    1. Generate keys for CSR:
      1. With passphrase:
        1. openssl genrsa -des3 -out server.key 2048
      2. Without passphrase (based on secure, shuffling key names):
        1. openssl rsa -in server.key -out server.key.insecure
        2. mv server.key server.key.secure
        3. mv server.key.insecure server.key
    2. Generate CSR:
      1. openssl req -new -key server.key -out server.csr
  3. Creating a Self-Signed Certificate:
    1. openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  4. Installing the Certificate:
    1. sudo cp server.crt /etc/ssl/certs
    2. sudo cp server.key /etc/ssl/private
  5. ssl_error_rx_record_too_long
    1. http://stackoverflow.com/questions/119336/ssl-error-rx-record-too-long-and-apache-ssl
  6. SSL for multidomain:
    1. http://aionica.computerlink.ro/2011/08/multiple-domain-selfsigned-ssltls-certificates-for-apache-namebased-ssltls-vhosts/
      1. openssl genrsa -out multidomain-server.key 2048
      2. openssl req -new -key multidomain-server.key -out multidomain-server.csr
      3. echo "subjectAltName=DNS:www.domain1.com,DNS:www.domain2.org,DNS:www.domain3.edu" > cert_extensions
      4. openssl x509 -req -in multidomain-server.csr -signkey multidomain-server.key -extfile cert_extensions -out multidomain-server.crt -days 1095
      5. rm cert_extensions multidomain-server.csr

CentOS

http://tecadmin.net/create-and-install-self-signed-certificate-in-apache/



Backlinks: