Archive for the ‘SSL’ Category
How to Configure Apache for Forward Secrecy
Add the following lines to your configuration:
Generating a Certificate Signing Request (CSR) using OpenSSL (Apache & mod_ssl, NGINX)
A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process:
How do I generate a CSR code?
CSR code has to be generated on side of the company that provides hosting services for site that you want to secure with SSL certificate. Which means that your hosting company is the one that should generate a CSR code upon your request.
It’s often useful to create self-signed SSL certificates for testing or when you don’t need the authentication that CA signing provides. I started with Akadia’s handy tutorial on self-signing here: http://www.akadia.com/services/ssh_test_certificate.html.
openssl req -in request.csr -noout -text
openssl x509 -in certificate.crt -text -noout
I’ve been using self-signed certificates for a while – but – that means getting the users to approve them each time they change. Instead – lets generate a Certificate Authority (CA) certificate with a reasonably long life – get them to install that and then new certificates signed with that will be valid for them.
We will install a CA area on /etc/ssl/ca and then create a certificate signed with this.