Creation of a new key
Go to http://www.startssl.com and verify the domain (use the Control Panel button).
First, set the default key size to 2048 by editing the file /etc/ssl/openssl.cnf: in the req section, change default_bits to 2048.
Create a new key and CSR on the host:
openssl req -new -nodes -keyout ssl.key -out ssl.csr
Enter the domain as the common name and leave the challenge password empty.
On startssl.com, select new certificate and then WEB. For the private key, select Skip.
Now copy the content of ssl.csr to the website. Select the domain and enter the common name you used above when creating the private key.
Copy the certificate shown on the website into the file ssl.crt. Then download these two files:
wget https://www.startssl.com/certs/sub.class1.server.ca.pem
wget https://www.startssl.com/certs/ca.pem
Configure Apache with the following lines:
ServerSignature On
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /usr/local/etc/apache22/ssl/ssl.crt
SSLCertificateKeyFile /usr/local/etc/apache22/ssl/ssl.key
SSLCertificateChainFile /usr/local/etc/apache22/ssl/sub.class1.server.ca.pem
SSLCACertificateFile /usr/local/etc/apache22/ssl/ca.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
Restart Apache.
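The configuration above leaves SSLv3 enabled, and its cipher string starts from ALL and removes only the ADH, EXPORT and SSLv2 suites, so RC4 and other non-HIGH suites stay available wherever the linked OpenSSL still provides them. A stricter variant of the same block follows as an added example that is not part of the original post. It assumes the same file paths and an Apache 2.2 mod_ssl build.

```apache
# Added example: hardened variant of the block above (same paths as the post).

# Do not append server version details to server-generated pages.
ServerSignature Off

SSLEngine on

# Original: "SSLProtocol all -SSLv2" still negotiates SSLv3.
# Disable both legacy protocols and keep every TLS version the build supports.
SSLProtocol all -SSLv2 -SSLv3

# Original: ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
# Allow only HIGH-strength suites and exclude anonymous, NULL, export,
# RC4, MD5-MAC and 3DES suites explicitly.
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!3DES

# Use the server's cipher preference order instead of the client's.
SSLHonorCipherOrder On

SSLCertificateFile /usr/local/etc/apache22/ssl/ssl.crt
# ssl.key was created with -nodes, so it is unencrypted on disk:
# keep it owned by root and readable by root only (mode 0600).
SSLCertificateKeyFile /usr/local/etc/apache22/ssl/ssl.key
SSLCertificateChainFile /usr/local/etc/apache22/ssl/sub.class1.server.ca.pem
SSLCACertificateFile /usr/local/etc/apache22/ssl/ca.pem

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
```

Run apachectl configtest before restarting so that a cipher keyword the local OpenSSL does not recognise is caught before the server goes down.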