cd /etc/apache2/ssl
openssl genrsa -out www-rrfx-net.key 1024
openssl req -new -key www-rrfx-net.key -out www-rrfx-net.csr
Press Enter to accept the defaults for the other fields; CAcert.org will strip everything but the Common Name if you're not verified (like me):
Common Name (eg, YOUR name) []: www.rrfx.net
Just leave the challenge password blank:
cat www-rrfx-net.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIBnDCCA/-----8<------8<------/eX9tCrqSyJo
-----END CERTIFICATE REQUEST-----
Visit http://cacert.org
Make sure your domain has been added: Domains -> View/Add
Request your certificate: Server Certificates -> New -> Paste the contents of your certificate request (e.g. www-rrfx-net.csr)
CAcert will then generate a certificate. Paste it into a file in /etc/apache2/ssl:
nano www-rrfx-net.cert
(paste)
In the Apache2 virtual host section (make sure the virtual host is listening on *:443):
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/www-rrfx-net.cert
SSLCertificateKeyFile /etc/apache2/ssl/www-rrfx-net.key
SSLOptions +OptRenegotiate
and wherever you need to enforce SSL:
SSLRequireSSL
Make sure clients import the CAcert.org root certificate:
https://www.cacert.org/index.php?id=3
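A check worth running once the certificate is saved and before Apache is reloaded, added here as an example and not part of the original post: it confirms that the CSR and the issued certificate carry the same public key as the private key, and reports the RSA key size. The function names and the 2048-bit floor are assumptions of this example; 2048 bits is the minimum publicly trusted CAs accept today, so a key generated with the 1024 shown above will be reported as too short.

```shell
#!/bin/sh
# Added example (not from the original post): pre-reload checks for the
# key, CSR and certificate files created in the steps above.

MIN_RSA_BITS=2048   # assumption of this example; the post's key is 1024-bit

# Print the PEM public key carried by a private key, CSR or certificate.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_csr()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# True only if both inputs parsed (non-empty) and are the same public key.
same_pub() { [ -n "$1" ] && [ "$1" = "$2" ]; }

csr_matches_key()  { same_pub "$(pub_of_key "$1")" "$(pub_of_csr "$2")"; }
cert_matches_key() { same_pub "$(pub_of_key "$1")" "$(pub_of_cert "$2")"; }

# Print the RSA modulus size in bits (empty if the key cannot be read).
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Run all checks; usage: check_bundle KEY CSR CERT. Non-zero on any failure.
check_bundle() {
    rc=0
    csr_matches_key "$1" "$2" || { echo "FAIL: $2 was not made from $1"; rc=1; }
    cert_matches_key "$1" "$3" || { echo "FAIL: $3 does not match $1"; rc=1; }
    bits=$(rsa_bits "$1")
    if [ "${bits:-0}" -lt "$MIN_RSA_BITS" ]; then
        echo "FAIL: RSA key is ${bits:-unreadable} bits, want >= $MIN_RSA_BITS"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key, CSR and certificate belong together"
    return "$rc"
}

# Only runs when three file names are given on the command line.
if [ "$#" -eq 3 ]; then
    check_bundle "$@"
fi
```

Saved under a name of your choice, it takes the three files from this post as arguments: the .key, the .csr and the .cert, in that order.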