ssl


Create and install StartCom SSL certificate

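# Generate a 2048-bit RSA key and a matching CSR in one step.
# -nodes writes the key unencrypted (no passphrase prompt when Apache
# starts), so create it under a restrictive umask: the key file takes the
# current umask and would otherwise be group/world-readable. The umask is
# changed in a subshell so it does not leak into the rest of the session.
# -sha256 makes the CSR digest explicit; older OpenSSL releases defaulted
# to SHA-1 here.
(
  umask 077
  openssl \
    req \
    -nodes \
    -newkey rsa:2048 \
    -sha256 \
    -keyout www.example.com.key \
    -out www.example.com.csr \
    -subj "/C=DE/ST=NRW/L=Berlin/O=My Inc/OU=DevOps/CN=www.example.com/emailAddress=dev@www.example.com"
)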

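# Enable mod_ssl and the default TLS vhost, then validate the whole
# configuration before restarting so a broken vhost file cannot take the
# running server down (a2enmod/a2ensite do not check syntax themselves).
a2enmod ssl
a2ensite default-ssl
apache2ctl configtest && service apache2 restart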

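# Install the issued certificate, the intermediate/root bundle and the
# private key from the /tmp staging directory.
# The key must not remain readable by other users: a plain cp gives the new
# file the source's mode (masked by umask), and files staged in world-readable
# /tmp are often 0644. `install -m 0600` copies and sets the mode in one step.
# Consider deleting the /tmp copy of the key once it has been installed.
cp -- /tmp/2_*.crt /etc/ssl/certs/
cp -- /tmp/1_root_bundle.crt /etc/ssl/certs/
install -m 0600 -- /tmp/*.key /etc/ssl/private/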

/etc/apache2/sites-enabled/default-ssl.conf
SSLEngine on
# Disables SSLv2 and SSLv3 only; TLS 1.0 and 1.1 stay enabled by this line.
SSLProtocol all -SSLv2 -SSLv3
# OpenSSL cipher-list syntax: start from ALL, then permanently remove ("!")
# DH key exchange, EXPORT, RC4, LOW, and unauthenticated/unencrypted
# suites. "+HIGH:+MEDIUM" does not enable anything: "+" moves the matching
# suites to the END of the list, so it only changes preference order.
# NOTE(review): "DH" covers ephemeral DHE suites as well, so "!DH" drops
# DHE forward secrecy (ECDHE is a separate keyword and is unaffected);
# confirm this is intended.
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

SSL

# check certificate
https://www.ssllabs.com/ssltest/analyze.html
http://www.panticz.de/Check-SSL-TLS-server-encryption-support

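# list certificate domains (SAN entries)
# Read the certificate from a file directly instead of piping it through
# cat; -noout stops the PEM block from being echoed after the text dump.
openssl x509 -noout -text -in cert.pem | grep DNS
# Fetch the certificate from a live server. </dev/null closes stdin so
# s_client exits after the handshake instead of waiting for input, and
# -servername sends SNI so a host serving several sites returns the
# certificate for www.example.com rather than its default vhost.
openssl s_client -servername www.example.com -showcerts -connect www.example.com:443 </dev/null | openssl x509 -noout -text | grep DNS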

# letsencrypt
http://www.panticz.de/letsencrypt

# StartCom / startssl.com
http://www.panticz.de/Create-and-install-StartCom-SSL-certificate

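# remove password from private key
# The passphrase of the input key is prompted for on the terminal. The
# output key is written unencrypted, so it is created under a restrictive
# umask; the subshell keeps the umask change from leaking into the session.
( umask 077; openssl rsa -in www.example.key.pass -out www.example.key )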

# Links
http://panticz.de/apache2_openssl_certificate

OpenSSL

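# check local certificate
# -noout prints only the decoded text, not the PEM block again.
openssl x509 -noout -text -in /etc/ssl/certs/example.com.pem

# check remote certificate
# </dev/null closes stdin so s_client exits after the handshake instead of
# waiting for input; -servername sends SNI so a host serving several sites
# returns the certificate for example.com rather than its default vhost.
openssl s_client -servername example.com -connect example.com:443 </dev/null | openssl x509 -noout -text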

letsencrypt

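#
# install
#
# Ubuntu Xenial package: the client is packaged as "letsencrypt" on 16.04
# (later Ubuntu releases ship it under the name "certbot").
apt-get install letsencrypt

# ... or the upstream client from git. letsencrypt-auto lives inside the
# cloned repository, so the path is /opt/letsencrypt/letsencrypt-auto
# (the clone target itself is /opt/letsencrypt).
# letsencrypt-auto installs system packages and Python dependencies on its
# first run; review the checked-out revision before running it as root.
apt-get install -y git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
/opt/letsencrypt/letsencrypt-auto --help all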

#
# create letsencrypt certificate
#
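# Whitespace-separated list of hosts that must serve the http-01 challenge.
HOSTS="
www1.example.com
www2.example.com
www3.example.com
mail.example.com
"

# http-01 key authorization, "<token>.<account-key-thumbprint>"; the value
# below is a sample. The challenge file is named after the token (the part
# before the last '.') and contains the full key authorization.
TXT=yuvAtjoicipsOvkashonFurkithsOtPeopNoHewtud4.chacnabvotfueHadgikthisDydsecCeowIkChirnuby

# HOSTS is deliberately word-split into one host per iteration.
# shellcheck disable=SC2086
for HOST in ${HOSTS}; do
  # Both expansions happen locally; the token and the target path are
  # single-quoted inside the remote command so the remote shell gets them
  # literally. (ACME tokens are base64url, so they contain no quotes.)
  ssh "${HOST}" "mkdir -p /var/www/.well-known/acme-challenge && printf '%s\n' '${TXT}' > '/var/www/.well-known/acme-challenge/${TXT%.*}'"
done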
