Apache: Difference between revisions
From Lolly's Wiki
Jump to navigationJump to search
(Die Seite wurde neu angelegt: „ == Zertifikat generieren == ===Defaultwerte vernünftig anpassen=== Country & Co auf für einen selbst passende Werte anpassen: <source lang=bash> # vi /etc/s…“) |
No edit summary |
||
| Line 1: | Line 1: | ||
== Zertifikat generieren == | == Zertifikat generieren == | ||
===Defaultwerte vernünftig anpassen=== | ===Defaultwerte vernünftig anpassen=== | ||
| Line 9: | Line 8: | ||
===Schlüssel generieren=== | ===Schlüssel generieren=== | ||
<source lang=bash> | <source lang=bash> | ||
# openssl ecparam -genkey -name secp256r1 | openssl ec -out | # openssl ecparam -genkey -name secp256r1 | openssl ec -out server.de.ec-key | ||
</source> | </source> | ||
===Zertifikat ausstellen=== | ===Zertifikat ausstellen=== | ||
<source lang=bash> | <source lang=bash> | ||
# openssl req -new -x509 -sha256 -key | # openssl req -new -x509 -sha256 -key server.de.ec-key -out server.de-wildcard.pem -days 1825 -node | ||
You are about to be asked to enter information that will be incorporated | |||
into your certificate request. | |||
What you are about to enter is what is called a Distinguished Name or a DN. | |||
There are quite a few fields but you can leave some blank | |||
For some fields there will be a default value, | |||
If you enter '.', the field will be left blank. | |||
----- | |||
Country Name (2 letter code) [DE]: | |||
State or Province Name (full name) [Hamburg]: | |||
Locality Name (eg, city) [Hamburg]: | |||
Organization Name (eg, company) [My Site]: | |||
Organizational Unit Name (eg, section) [Sub]: | |||
Common Name (e.g. server FQDN or YOUR name) []:*.server.de | |||
Email Address [ssl@server.de]: | |||
</source> | |||
==Apache konfigurieren== | |||
<source lang=apache> | |||
<VirtualHost ssl.server.de:443> | |||
... | |||
SSLEngine On | |||
SSLProtocol all -SSLv2 -SSLv3 | |||
SSLCompression off | |||
SSLHonorCipherOrder On | |||
SSLCipherSuite EECDH+AESGCM:EECDH+AES:EDH+AES | |||
SSLCertificateFile /etc/apache2/ssl/server.de-wildcard.pem | |||
SSLCertificateKeyFile /etc/apache2/ssl/server.de.ec-key | |||
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire | |||
ServerSignature On | |||
</VirtualHost> | |||
</source> | </source> | ||
Revision as of 11:20, 16 April 2015
Zertifikat generieren
Defaultwerte vernünftig anpassen
Country & Co auf für einen selbst passende Werte anpassen:
# vi /etc/ssl/openssl.cnf
Schlüssel generieren
# openssl ecparam -genkey -name secp256r1 | openssl ec -out server.de.ec-key
Zertifikat ausstellen
# openssl req -new -x509 -sha256 -key server.de.ec-key -out server.de-wildcard.pem -days 1825 -node
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Hamburg]:
Locality Name (eg, city) [Hamburg]:
Organization Name (eg, company) [My Site]:
Organizational Unit Name (eg, section) [Sub]:
Common Name (e.g. server FQDN or YOUR name) []:*.server.de
Email Address [ssl@server.de]:
Apache konfigurieren
<VirtualHost ssl.server.de:443>
...
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AESGCM:EECDH+AES:EDH+AES
SSLCertificateFile /etc/apache2/ssl/server.de-wildcard.pem
SSLCertificateKeyFile /etc/apache2/ssl/server.de.ec-key
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
ServerSignature On
</VirtualHost>
