Difference between revisions of "Secure Sockets Layer"
m (Nad moved page Generate a self signed certificate to SSL) |
|
(No difference)
|
Revision as of 19:17, 4 August 2013
Secure Sockets Layer Organic Design procedure |
Our convention is to keep all the certificates in /var/www/ssl, so first change the current directory to that and create the certificate with the following command format. Ensure the common name (cn) is entered as a wildcard such as *.foo.com so that the certificate applies to all the sub-domains such as www.foo.com or webmail.foo.com etc. This certificate format will work for both Apache and NGiNX.
First we need to create a private key. Note that this process will require a pass-phrase for the key - don't worry, we'll remove it later to make things easier,
Now we need to create a CSR (Certificate Signing Request):
Now we need to remove the pass-phrase otherwise it'll prevent the web-server from restarting without it being entered (you'll need to enter the pass-phrase to remove it though),
Now we can generate the actual certificate: