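# Quick version: regenerate the default self-signed ("snakeoil") certificate
# and enable the SSL vhost. A self-signed certificate encrypts the connection
# but gives clients nothing to verify the server against, so it suits test
# and internal hosts rather than public services.
make-ssl-cert generate-default-snakeoil --force-overwrite
a2enmod ssl
a2ensite default-ssl
service apache2 restart

# install packages
apt-get install openssl # apache2 apache2.2-common php5

# enable ssl in apache
a2enmod ssl
a2ensite default-ssl

# default
make-ssl-cert generate-default-snakeoil --force-overwrite

# customized
# Resolve the FQDN once so the generated files, the Apache config and the
# chown/chmod calls below all refer to the same paths. ${fqdn:?} aborts
# instead of writing to "/etc/ssl/private/.key" if hostname -f returns nothing.
fqdn=$(hostname -f)
key_file="/etc/ssl/private/${fqdn:?hostname -f returned nothing}.key"
cert_file="/etc/ssl/certs/${fqdn}.pem"
# Edit the SSL vhost, which is where the SSLCertificate* directives live, and
# edit it under sites-available so that sed -i does not replace the
# sites-enabled symlink with a regular file.
# NOTE(review): on Apache 2.4 layouts the file is named default-ssl.conf.
site_conf=/etc/apache2/sites-available/default-ssl

# -nodes writes the private key unencrypted, so create it under a restrictive
# umask; the final owner and mode are set explicitly further down.
# Replace the -subj placeholders; the CN should be the name clients connect to.
(
  umask 077
  openssl \
    req \
    -x509 \
    -newkey rsa:2048 \
    -sha256 \
    -nodes \
    -days 365 \
    -keyout "$key_file" \
    -out "$cert_file" \
    -subj "/C=DE/ST=NRW/L=Bonn/O=Example Inc/OU=IT/CN=www.example.com/emailAddress=info@www.example.com"
)

sed -i "s|SSLCertificateFile .*$|SSLCertificateFile ${cert_file}|g" "$site_conf"
sed -i "s|SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${key_file}|g" "$site_conf"

# Certificate is public; the key is limited to root and the ssl-cert group.
chown root:root "$cert_file"
chmod 644 "$cert_file"
chown root:ssl-cert "$key_file"
chmod 640 "$key_file"

# view supported protocols
grep SSLProtocol /etc/apache2/mods-available/ssl.conf

# creating an RSA key (use -des3 to create a password protected key file)
# 2048 bits matches the -newkey rsa:2048 used above; 1024-bit RSA is below
# the minimum that many current TLS stacks accept.
(
  umask 077
  openssl genrsa -out key.pem 2048
)

# creating a self-signed certificate (with -x509, "req" emits a certificate
# rather than a certificate request); this overwrites the snakeoil pair.
# -sha256 avoids the SHA-1 signature default of older OpenSSL releases.
openssl req -new -nodes -x509 -sha256 \
  -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
  -keyout /etc/ssl/private/ssl-cert-snakeoil.key \
  -days 365 \
  -subj "/C=DE/ST=NRW/L=Cologne/O=Your Company/OU=IT/CN=www.YOUR_SERVER.com/emailAddress=you@YOUR_SERVER.com"

# restart apache
service apache2 restart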
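# v2
# Self-sign an existing CSR with its own key. -sha256 is given explicitly
# because older OpenSSL releases default to a SHA-1 signature here.
openssl x509 -req -sha256 -days 365 \
  -in dns.server.com.csr \
  -signkey dns.server.com.key \
  -out dns.server.com.crt

# Alternative: create key and self-signed certificate in one step, writing
# directly over the snakeoil pair (-nodes leaves the key unencrypted).
openssl req -new -nodes -x509 -sha256 \
  -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
  -keyout /etc/ssl/private/ssl-cert-snakeoil.key \
  -days 365 \
  -subj "/C=US/ST=CA/L=City/CN=localhost/emailAddress=root@localhost"

# NOTE(review): this assumes the x509 command above was run from
# /etc/ssl/private, so the .crt was written there.
cp /etc/ssl/private/dns.server.com.crt /etc/ssl/certs/

# view certificate request (CSR) info
openssl req -noout -text -in dns.server.com.csr

# show which certificate and key the SSL vhost currently points at
grep SSLCertificateFile /etc/apache2/sites-enabled/default-ssl
grep SSLCertificateKeyFile /etc/apache2/sites-enabled/default-ssl

# Keep the original snakeoil pair as .org, then put the new pair under the
# snakeoil file names so the vhost config does not need to change.
mv /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil.pem.org
mv /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil.key.org
cp /etc/ssl/certs/dns.server.com.crt /etc/ssl/certs/ssl-cert-snakeoil.pem
cp /etc/ssl/private/dns.server.com.key /etc/ssl/private/ssl-cert-snakeoil.key

# cp creates the copies with umask-derived permissions; keep the unencrypted
# key readable only by root and the ssl-cert group.
chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key

/etc/init.d/apache2 restart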
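# v3
#
# fix hostname
# make-ssl-cert takes the certificate name from the host's FQDN, so make sure
# "<ip> <host>.<domain> <host>" is present in /etc/hosts.
# NOTE(review): the ifconfig parsing relies on the old net-tools
# "inet addr:" output format and on the interface being eth0.
ip_addr=$(ifconfig eth0 | grep "inet addr" | cut -d ":" -f2 | cut -d" " -f1)
dns_domain=$(awk '$1 == "domain" { print $2; exit }' /etc/resolv.conf)
short_name=$(hostname)

if [ -z "$ip_addr" ] || [ -z "$dns_domain" ] || [ -z "$short_name" ]; then
  # Appending a half-empty line would leave a malformed /etc/hosts entry.
  echo "could not determine IP address, domain or hostname; /etc/hosts left unchanged" >&2
elif grep -qF -- "${short_name}.${dns_domain}" /etc/hosts; then
  # Entry already present; do not append a duplicate on repeated runs.
  :
else
  printf '%s %s.%s %s\n' "$ip_addr" "$short_name" "$dns_domain" "$short_name" >> /etc/hosts
fi

# generate certificate with snakeoil
sudo make-ssl-cert generate-default-snakeoil --force-overwrite
/etc/init.d/apache2 restart

# check certificate expiration
openssl x509 -noout -enddate -in /etc/ssl/certs/ssl-cert-snakeoil.pem

# disable SSLv2 and SSLv3
# The three lines below are Apache directives, not shell commands. Set them
# in /etc/apache2/mods-available/ssl.conf and restart Apache afterwards:
#
#   SSLProtocol ALL -SSLv2 -SSLv3
#   SSLHonorCipherOrder On
#   SSLCompression Off
#
# "ALL -SSLv2 -SSLv3" still leaves TLS 1.0 and TLS 1.1 enabled. Both are
# deprecated; where the installed Apache and OpenSSL support it, restrict
# the server to TLS 1.2 and newer instead, e.g. "SSLProtocol -all +TLSv1.2".
# Verify the result with: grep SSLProtocol /etc/apache2/mods-available/ssl.conf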
Links
http://www.heise.de/security/artikel/SSL-fuer-lau-880221.html
http://www.docs.hp.com/en/5991-1159/ch01s07.html
http://wiki.ubuntuusers.de/ssl-cert
http://www.schirmacher.de/display/INFO/Apache+SSL+Zertifikat+erstellen+und+installieren
http://www.panticz.de/Ubuntu
http://www.curtis-lamasters.com/2008/07/30/apache2-on-ubuntu-openssl-csr-self-signed-cert/
http://spin.atomicobject.com/2014/05/12/openssl-commands/