Difference between revisions of "Secure Sockets Layer"
From Organic Design wiki
(noinclude the see server install) |
m |
||
Line 5: | Line 5: | ||
Our convention is to keep all the certificates in ''/var/www/ssl'' along with the the SSL virtual host definition for the domain <noinclude>(see [[install a new server]] for details on Apache configuration)</noinclude>. First change the current directory to ''/var/www/ssl'' and create the certificate with the following command format. Ensure the '''common name''' (cn) is entered as a wildcard such as '''*.foo.com''' so that the certificate applies to all the sub-domains such as ''www.foo.com'' or ''webmail.foo.com'' etc. | Our convention is to keep all the certificates in ''/var/www/ssl'' along with the the SSL virtual host definition for the domain <noinclude>(see [[install a new server]] for details on Apache configuration)</noinclude>. First change the current directory to ''/var/www/ssl'' and create the certificate with the following command format. Ensure the '''common name''' (cn) is entered as a wildcard such as '''*.foo.com''' so that the certificate applies to all the sub-domains such as ''www.foo.com'' or ''webmail.foo.com'' etc. | ||
{{code|<pre> | {{code|<pre> | ||
− | openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout foo.com.pem -out foo.com.pem | + | openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout foo.com.key.pem -out foo.com.req.pem |
</pre>}} | </pre>}} | ||
Revision as of 22:01, 23 April 2013
Secure Sockets Layer Organic Design procedure |
Our convention is to keep all the certificates in /var/www/ssl along with the the SSL virtual host definition for the domain (see install a new server for details on Apache configuration). First change the current directory to /var/www/ssl and create the certificate with the following command format. Ensure the common name (cn) is entered as a wildcard such as *.foo.com so that the certificate applies to all the sub-domains such as www.foo.com or webmail.foo.com etc.
Ensure that the resulting file is accessible by the web-server:
Check the cert with this command:
The following output indicates the cert is working correctly