Difference between revisions of "Secure Sockets Layer"
From Organic Design wiki
(don't transclude cert check) |
(noinclude the see server install) |
||
Line 3: | Line 3: | ||
| status = in use | | status = in use | ||
}}</noinclude> | }}</noinclude> | ||
− | Our convention is to keep all the certificates in ''/var/www/ssl'' along with the the SSL virtual host definition for the domain (see [[install a new server]] for | + | Our convention is to keep all the certificates in ''/var/www/ssl'' along with the the SSL virtual host definition for the domain <noinclude>(see [[install a new server]] for details on Apache configuration)</noinclude>. First change the current directory to ''/var/www/ssl'' and create the certificate with the following command format. Ensure the '''common name''' (cn) is entered as a wildcard such as '''*.foo.com''' so that the certificate applies to all the sub-domains such as ''www.foo.com'' or ''webmail.foo.com'' etc. |
{{code|<pre> | {{code|<pre> | ||
openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout foo.com.pem -out foo.com.pem | openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout foo.com.pem -out foo.com.pem |
Revision as of 10:26, 2 April 2010
Secure Sockets Layer Organic Design procedure |
Our convention is to keep all the certificates in /var/www/ssl along with the the SSL virtual host definition for the domain (see install a new server for details on Apache configuration). First change the current directory to /var/www/ssl and create the certificate with the following command format. Ensure the common name (cn) is entered as a wildcard such as *.foo.com so that the certificate applies to all the sub-domains such as www.foo.com or webmail.foo.com etc.
Ensure that the resulting file is accessible by the web-server:
Check the cert with this command:
The following output indicates the cert is working correctly