Difference between revisions of "Secure Sockets Layer"
From Organic Design wiki
m |
(don't need to split the pem into crt and key) |
||
Line 1: | Line 1: | ||
− | + | <noinclude>{{procedure | |
− | + | | role = sysop | |
− | + | | status = in use | |
− | openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout | + | }}</noinclude> |
+ | Our convention is to keep all the certificates in ''/var/www/ssl'' along with the the SSL virtual host definition for the domain (see [[install a new server]] for that). First change the current directory to ''/var/www/ssl'' and create the certificate with the following command format: | ||
+ | {{code|<pre> | ||
+ | openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout foo.com.pem -out foo.com.pem | ||
</pre>}} | </pre>}} | ||
− | Ensure the common name (cn) is entered as | + | Ensure the common name (cn) is entered as a wildcard such as '''*.foo.com''' so that the certificate applies to all the sub-domains such as ''www.foo.com'' or ''webmail.foo.com'' etc. |
− | |||
− | *. | ||
− | |||
− | |||
− | + | Ensure that the resulting file is accessible by the web-server: | |
{{code|<pre> | {{code|<pre> | ||
− | + | chown www-data foo.com.pem | |
− | |||
− | chown www-data | ||
</pre>}} | </pre>}} |
Revision as of 09:56, 2 April 2010
Secure Sockets Layer Organic Design procedure |
Our convention is to keep all the certificates in /var/www/ssl along with the the SSL virtual host definition for the domain (see install a new server for that). First change the current directory to /var/www/ssl and create the certificate with the following command format:
Ensure the common name (cn) is entered as a wildcard such as *.foo.com so that the certificate applies to all the sub-domains such as www.foo.com or webmail.foo.com etc.
Ensure that the resulting file is accessible by the web-server: