- Log in to post comments
openssl genrsa -out example.com.key 2048
openssl req -new -key example.com.key -out example.com.csr \
-subj "/C=DE/ST=NRW/L=Cologne/O=My Inc/OU=IT/CN=192.168.1.1/emailAddress=webmaster@example.com"
mv example.com.crt /etc/ssl/certs/
mv example.com.key /etc/ssl/private/
https://www.startssl.com/
Express Lane
Register...
Create certificate...
openssl req -new -key /etc/ssl/private/example.com.key -out /root/example.com.csr
cat /root/example.com.csr
Save as:
example.com.crt
wget http://www.startssl.com/certs/sub.class1.server.ca.pem -O /etc/ssl/certs/sub.class1.server.ca.pem
cp /etc/apache2/sites-available/default-ssl /root/
vi /etc/apache2/sites-available/default-ssl
# OPTIONAL: configure virtualhost
# SSLCertificateFile /etc/ssl/certs/example.com.crt
# SSLCertificateKeyFile /etc/ssl/private/example.com.key
# SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem
sed -i 's|/etc/ssl/certs/ssl-cert-snakeoil.pem|/etc/ssl/certs/example.com.crt|g' /etc/apache2/sites-available/default-ssl
sed -i 's|/etc/ssl/private/ssl-cert-snakeoil.key|/etc/ssl/private/example.com.key|g' /etc/apache2/sites-available/default-ssl
sed -i 's|#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt|SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem|g' /etc/apache2/sites-available/default-ssl
a2enmod ssl
a2ensite default-ssl
/etc/init.d/apache2 restart
Save your browser certificate
https://www.startssl.com/?app=25#4
# view certificate details
openssl x509 -noout -text -in /etc/ssl/certs/example.com.crt
# Link
http://www.heise.de/security/artikel/SSL-fuer-lau-880221.html