SSL

From Kb

Revision as of 15:16, 30 October 2014 by Jonathan (Talk | contribs)

POODLE

Good article on fixing the POODLE bug: SSL V3 GOES TO THE DOGS - POODLE KILLS OFF PROTOCOL

To fix it in Apache, disable SSLv3 (and SSLv2) with the mod_ssl SSLProtocol directive:

SSLProtocol All -SSLv2 -SSLv3
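
An added example (not from the original page): a shell function that checks Apache configuration text for SSLProtocol lines that still allow SSLv3, the protocol POODLE targets. The token handling is a simplified model of mod_ssl (an assumption), "all" is taken to include SSLv3 as the directive above implies, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit Apache config text for SSLProtocol lines that still
# permit SSLv3. Simplified model of mod_ssl token handling (assumption):
# "+X" adds a protocol, "-X" removes it, a bare name replaces the whole set.
# "all" is assumed to include SSLv3, as the page's directive implies.

# ssl3_status FILE
# Prints "<lineno> ENABLED|disabled <directive>" for each SSLProtocol line,
# or "none" when the file contains no (uncommented) SSLProtocol directive.
ssl3_status() {
    awk '
    /^[ \t]*#/ { next }                        # ignore comment lines
    tolower($1) == "sslprotocol" {             # directive names are case-insensitive
        found = 1; ssl3 = 0
        for (i = 2; i <= NF; i++) {
            tok = tolower($i); op = substr(tok, 1, 1)
            if (op == "+" || op == "-") tok = substr(tok, 2); else op = "="
            hit = (tok == "all" || tok == "sslv3")
            if (op == "=")             ssl3 = hit   # bare name replaces the set
            else if (op == "+" && hit) ssl3 = 1
            else if (op == "-" && hit) ssl3 = 0
        }
        sub(/^[ \t]+/, "")                     # trim indentation for the report
        printf "%d %s %s\n", NR, (ssl3 ? "ENABLED" : "disabled"), $0
    }
    END { if (!found) print "none" }
    ' "$1"
}

# Constructed sample configuration (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SSLProtocol all
SSLProtocol All -SSLv2 -SSLv3
<VirtualHost 127.0.0.1:443>
   SSLEngine on
   sslprotocol all -SSLv2
</VirtualHost>
EOF
ssl3_status "$sample"
rm -f "$sample"
```

A per-VirtualHost SSLProtocol line can differ from the global one, so every reported line needs to read "disabled", not just the first.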

Using SSL

Create a private key (encrypted with a passphrase):

openssl genrsa -des3 -out domain.key 2048

Create a certificate signing request (csr):

openssl req -new -key domain.key -out domain.csr

Remove passphrase from key:

openssl rsa -in domain.key -out domain.nopass.key

Create a new key and certificate signing request in one step, without encrypting the private key (-nodes, "no DES"):

openssl req -nodes -newkey rsa:2048 -keyout domain.key -out domain.csr


Information Required for a CSR

Certificate Installation Password:
Country Name (2 letter code):
State or Province Name (full name):
Locality Name (eg, city):
Organization Name (eg, company):
Organizational Unit Name (eg, section):
Common Name (aka Domain Name):
Email Address:


How to create a PFX format SSL Cert for Windows servers

To create a self-signed certificate with the key and certificate combined in one file:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem

Just take an existing cert file (key and cert combo) and run it through this:

openssl pkcs12 -export -out domain.pfx -in domain.pem -name "Cert Name"


Adding SSL to Apache

NameVirtualHost 127.0.0.1:443
<VirtualHost 127.0.0.1:443>
   SSLEngine on
   SSLCertificateFile /usr/local/certs/www.domain.com.cert
   SSLCertificateKeyFile /usr/local/certs/www.domain.com.key
   SSLCertificateChainFile /usr/local/certs/www.domain.com.int
   SuexecUserGroup domain domain
   ServerName     domain.com
   ServerAlias    www.domain.com
   ServerAdmin    root@domain.com
   DocumentRoot   /home/domain/www/domain.com
   CustomLog      /var/log/httpd/domain/domain.com-access_log combined
   ErrorLog       /var/log/httpd/domain/domain.com-error_log
</VirtualHost>