Difference between revisions of "Secure Sockets Layer"
From Organic Design wiki
(don't need to split the pem into crt and key) |
m |
||
Line 3: | Line 3: | ||
| status = in use | | status = in use | ||
}}</noinclude> | }}</noinclude> | ||
− | Our convention is to keep all the certificates in ''/var/www/ssl'' along with the the SSL virtual host definition for the domain (see [[install a new server]] for that). First change the current directory to ''/var/www/ssl'' and create the certificate with the following command format | + | Our convention is to keep all the certificates in ''/var/www/ssl'' along with the the SSL virtual host definition for the domain (see [[install a new server]] for that). First change the current directory to ''/var/www/ssl'' and create the certificate with the following command format. Ensure the '''common name''' (cn) is entered as a wildcard such as '''*.foo.com''' so that the certificate applies to all the sub-domains such as ''www.foo.com'' or ''webmail.foo.com'' etc. |
{{code|<pre> | {{code|<pre> | ||
openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout foo.com.pem -out foo.com.pem | openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout foo.com.pem -out foo.com.pem | ||
</pre>}} | </pre>}} | ||
− | |||
− | |||
Ensure that the resulting file is accessible by the web-server: | Ensure that the resulting file is accessible by the web-server: |
Revision as of 09:58, 2 April 2010
Secure Sockets Layer Organic Design procedure |
Our convention is to keep all the certificates in /var/www/ssl along with the the SSL virtual host definition for the domain (see install a new server for that). First change the current directory to /var/www/ssl and create the certificate with the following command format. Ensure the common name (cn) is entered as a wildcard such as *.foo.com so that the certificate applies to all the sub-domains such as www.foo.com or webmail.foo.com etc.
Ensure that the resulting file is accessible by the web-server: