Difference between revisions of "Secure Sockets Layer"
From Organic Design wiki
m |
(don't transclude cert check) |
||
Line 13: | Line 13: | ||
chown www-data foo.com.pem | chown www-data foo.com.pem | ||
</pre>}} | </pre>}} | ||
+ | |||
+ | |||
+ | <noinclude>Check the cert with this command: | ||
+ | {{code|<pre> | ||
+ | openssl s_server -cert /var/www/ssl/foo.com.pem | ||
+ | </pre>}} | ||
+ | |||
+ | |||
+ | The following output indicates the cert is working correctly | ||
+ | {{code|<pre> | ||
+ | Using default temp DH parameters | ||
+ | Using default temp ECDH parameters | ||
+ | ACCEPT | ||
+ | </pre>}}</noinclude> |
Revision as of 10:15, 2 April 2010
Secure Sockets Layer Organic Design procedure |
Our convention is to keep all the certificates in /var/www/ssl along with the the SSL virtual host definition for the domain (see install a new server for that). First change the current directory to /var/www/ssl and create the certificate with the following command format. Ensure the common name (cn) is entered as a wildcard such as *.foo.com so that the certificate applies to all the sub-domains such as www.foo.com or webmail.foo.com etc.
Ensure that the resulting file is accessible by the web-server:
Check the cert with this command:
The following output indicates the cert is working correctly