freebsd:startssl

Differences

This shows the differences between two versions of the page.

freebsd:startssl [2011/04/04 06:58]
Idefix /* Creation of new Key */
freebsd:startssl [2013/12/16 12:29] (current)
idefix freebsd-startssl renamed to freebsd:startssl
Line 1: Line 1:
 +====== ​ Creation of new Key  ======
 +Go to the site http:<​nowiki>//</​nowiki>​www.startssl.com and verify the domain (Use the button Control Panel).
 +
 +At first we set the default key size to 2048 by editing the file /​etc/​ssl/​openssl.cnf.
 +Change in section req default_bits to 2048.
 +
 +We create on the host a new key and csr:
 +<​code>​
 +openssl req -new -nodes -keyout ssl.key -out ssl.csr
 +</​code>​
 +As common name fill the domain and do not fill the challenge password.
 +
 +Go to startssl.com and select new certificate and select WEB.
 +For the private key select Skip.
 +
 +Now copy the content of the ssl.csr to the website.
 +Select the domain and fill the common name you inserted above while creating the private key.
 +
 +Copy the certificate on the website in the file ssl.crt.
 +Download the two files:
 +<​code>​
 +wget https:<​nowiki>//</​nowiki>​www.startssl.com/​certs/​sub.class1.server.ca.pem
 +wget https:<​nowiki>//</​nowiki>​www.startssl.com/​certs/​ca.pem
 +</​code>​
 +
 +Configure apache with the following lines:
 +<​code>​
 +ServerSignature On
 +SSLEngine on
 +SSLProtocol all -SSLv2
 +SSLCipherSuite ALL:​!ADH:​!EXPORT:​!SSLv2:​RC4+RSA:​+HIGH:​+MEDIUM
 +
 +SSLCertificateFile /​usr/​local/​etc/​apache22/​ssl/​ssl.crt
 +SSLCertificateKeyFile /​usr/​local/​etc/​apache22/​ssl/​ssl.key
 +SSLCertificateChainFile /​usr/​local/​etc/​apache22/​ssl/​sub.class1.server.ca.pem
 +SSLCACertificateFile /​usr/​local/​etc/​apache22/​ssl/​ca.pem
 +SetEnvIf User-Agent "​.*MSIE.*"​ nokeepalive ssl-unclean-shutdown
 +</​code>​
 +
 +Restart apache.
  
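Review bot: In the Apache block, `SSLProtocol all -SSLv2` still leaves SSLv3 enabled, and `SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM` starts from ALL, so LOW-strength and RC4 suites remain negotiable; the trailing `+HIGH:+MEDIUM` only moves those suites to the end of the list, it does not restrict anything. Suggest `SSLProtocol all -SSLv2 -SSLv3` and a cipher list built up from `HIGH:!aNULL:!MD5` rather than pared down from `ALL`. In the key-creation step, `-nodes` writes ssl.key unencrypted and the page never restricts its permissions; add a line that makes the file readable by root only (for example `chmod 600 ssl.key`) before it is placed in /usr/local/etc/apache22/ssl/. `ServerSignature On` is not needed for the certificate setup and advertises server details on error pages, so it can be dropped from this block. The first step also links to startssl.com over http while the later wget lines use https; use https for the control-panel link as well.
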
freebsd/startssl.txt · Last modified: 2013/12/16 12:29 by idefix