FreeBSD-Apache

SSL

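Insert the following into your ssl.conf, then continue with creating the keys below (req.pem is the private key with its password removed, produced in the last step of "New certificate"):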

SSLCertificateFile /etc/mail/certs/newcert.pem
SSLCertificateKeyFile /etc/mail/certs/req.pem
SSLCertificateChainFile /etc/mail/certs/cacert.pem

New certificate

To create a certificate do the following:

Generate the CA key:

cd /etc/mail/certs/
edit CA.pl and set days to a high value, such as 10-20 years
optionally edit /etc/ssl/openssl.cnf
CA.pl -newca
cp demoCA/cacert.pem .

Generate keypair:

edit CA.pl again and set days to 1-2 years
CA.pl -newreq
as COMMON NAME, enter the FQDN

Sign the keypair:

CA.pl -sign

Remove the password from keypair:

openssl rsa -in newkey.pem -out req.pem
#rm newreq.pem
chmod 0600 *

Chain of Trust

To add your self-created CA to the chain of trust, you must import the file cacert.pem on all computers and select trust completely.

Renew a certificate

Sign the keypair:

cd /etc/mail/certs
/usr/local/ssl/CA.pl -sign
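
A check to run after creating or renewing a certificate, added here as an example and not part of the original wiki page: it confirms that the three files named in ssl.conf fit together, that req.pem carries no password and is owner-only, and that the certificate is not about to expire. The function names, the 30-day threshold and the throwaway demo set (placeholder FQDN demo.example.org) are assumptions.

```sh
#!/bin/sh
# Added example. Usage: check_cert_set /etc/mail/certs
# Dry run on constructed data: d=$(make_demo_set) && check_cert_set "$d"
check_cert_set() {
    dir=$1; rc=0
    cert=$dir/newcert.pem; key=$dir/req.pem; ca=$dir/cacert.pem
    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    done
    # 1. Apache must be given the password-free copy of the key (req.pem).
    if grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$key"; then
        echo "FAIL: $key is still password-protected"; rc=1
    fi
    # 2. Group and other must have no access to the private key (chmod 0600).
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible beyond its owner"; rc=1
    fi
    # 3. Certificate and key must carry the same public key.
    if [ "$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" != \
         "$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)" ]; then
        echo "FAIL: $cert does not belong to $key"; rc=1
    fi
    # 4. The certificate must verify against the CA file imported on clients.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert does not verify against $ca"; rc=1
    fi
    # 5. Renewal reminder: -checkend fails if expiry is within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "WARN: $cert expires within 30 days, renew it"; rc=1
    fi
    return $rc
}

# Constructed sample input: a throwaway CA and server certificate in a temp
# directory, using the page's file names. Prints the directory path.
make_demo_set() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 730 -subj "/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example.org" \
        -keyout "$d/req.pem" -out "$d/newreq.pem" >/dev/null 2>&1
    openssl x509 -req -in "$d/newreq.pem" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -days 365 \
        -out "$d/newcert.pem" >/dev/null 2>&1
    chmod 0600 "$d"/*.pem
    echo "$d"
}
```
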

See:

http://linio.boo.pl/eng/certs.html

http://www.freebsddiary.org/openssl-client-authentication.php

http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php

http://wiki.cacert.org/wiki/VhostTaskForce
