
Revision [732]

Most recent edit made on 2008-02-26 13:44:56 by JavierWilson

Additions:

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/example.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/example.com.key.unsecure
ServerName example.com:443
DocumentRoot /www/example.com/public_html

See also: HowtoVerCertificadoSSL
CategorySysAdmin


Deletions:

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/example.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/example.com.key.unsecure
ServerName example.com:443
DocumentRoot /www/example.com/public_html




Revision [339]

Edited on 2007-07-27 10:50:23 by JavierWilson

Additions:
Note: The IP address cannot be shared with another secure site; there is no virtual hosting for SSL. The same IP must be used in the Apache configuration of the non-secure version.




Revision [338]

Edited on 2007-07-27 10:46:01 by JavierWilson

Additions:
d) You can send the CSR to a CA, or sign it with your own CA


Deletions:
d) sign it with your own CA




Revision [337]

Edited on 2007-07-27 10:33:43 by JavierWilson

Additions:
<VirtualHost 192.168.0.1:443>
</VirtualHost>


Deletions:
<VirtualHost 192.168.0.1:443>
</VirtualHost>




Revision [149]

Edited on 2007-05-07 13:39:42 by JavierWilson

Additions:
(enter data)
Note: if you plan to sign with your own CA, the company name must be the same as that of the CA private key.


Deletions:
(enter data)




Revision [148]

Edited on 2007-05-07 13:13:53 by JavierWilson

Additions:
dir = /usr/local/CA # Where everything is kept


Deletions:
dir = /usr/local/CA # Where everything is kept




Revision [147]

The oldest known version of this page was edited on 2007-05-07 13:12:45 by JavierWilson

HOWTO: Create and sign an SSL security certificate


1. modify httpd.conf

<VirtualHost 192.168.0.1:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/example.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/example.com.key.unsecure
ServerName example.com:443
DocumentRoot /www/example.com/public_html
</VirtualHost>

2. create certificates

For example in /usr/local/CA (as documented in openssl.cnf), but take care afterwards to copy them to the locations specified in httpd.conf

This example is based on: http://httpd.apache.org/docs-2.1/ssl/ssl_faq.html#realcert

a) create key (remember passphrase)

$ openssl genrsa -des3 -out example.com.key 1024

b) create unencrypted key (so that Apache starts without asking for the passphrase)

$ openssl rsa -in example.com.key -out example.com.key.unsecure

c) create CSR (certificate signing request)

$ openssl req -new -key example.com.key -out example.com.csr
(enter data)

d) sign it with your own CA

$ openssl ca -in example.com.csr -out example.com.crt

Pay attention to /usr/share/ssl/openssl.cnf, especially:
dir             = /usr/local/CA          # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
database        = $dir/index.txt        # database index file.
new_certs_dir   = $dir/newcerts         # default place for new certs.

certificate     = $dir/cacert.pem       # The CA certificate
serial          = $dir/serial           # The current serial number
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/private/cakey.pem# The private key
RANDFILE        = $dir/private/.rand    # private random number file


e) restart apache

$ service httpd reload
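
The CA directory that step d) and the openssl.cnf excerpt rely on, built from scratch and used to sign a CSR, as an added example that is not part of the original page. The function name, the /O= and /CN= subjects, the 2048-bit keys, the unencrypted CA key and the one-field policy_match section are assumptions made for the demo.

```sh
# Added example: throwaway CA in the directory layout openssl.cnf describes.
# Subjects, the 2048-bit key size and the reduced policy are constructed for the demo.
sign_with_own_ca() {   # usage: sign_with_own_ca CA_DIR REQUEST_ORG
    dir=$1; org=$2; cnf="$dir/openssl.cnf"
    mkdir -p "$dir/certs" "$dir/crl" "$dir/newcerts" "$dir/private" || return 1
    chmod 700 "$dir/private"
    : > "$dir/index.txt"        # empty database of issued certificates
    echo 01 > "$dir/serial"     # next serial number to issue
    cat > "$cnf" <<EOF
[ ca ]
default_ca         = CA_default
[ CA_default ]
dir                = $dir
database           = \$dir/index.txt
new_certs_dir      = \$dir/newcerts
certificate        = \$dir/cacert.pem
serial             = \$dir/serial
private_key        = \$dir/private/cakey.pem
default_md         = sha256
default_days       = 365
policy             = policy_match
[ policy_match ]
organizationName   = match
commonName         = supplied
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
commonName         = Common Name
[ v3_ca ]
basicConstraints   = critical,CA:TRUE
EOF
    # CA key and self-signed CA certificate (key left unencrypted only for the demo)
    openssl genrsa -out "$dir/private/cakey.pem" 2048 2>/dev/null || return 1
    openssl req -new -x509 -config "$cnf" -key "$dir/private/cakey.pem" -days 30 \
        -subj "/O=Example Org/CN=Example Test CA" -out "$dir/cacert.pem" || return 1
    # Steps a) and c): server key and CSR
    openssl genrsa -out "$dir/example.com.key" 2048 2>/dev/null || return 1
    openssl req -new -config "$cnf" -key "$dir/example.com.key" \
        -subj "/O=$org/CN=example.com" -out "$dir/example.com.csr" || return 1
    # Step d): sign; fails when the request's organizationName differs from the CA's
    openssl ca -batch -notext -config "$cnf" -in "$dir/example.com.csr" \
        -out "$dir/example.com.crt" 2>/dev/null || return 1
    # Confirm the issued certificate chains to the CA
    openssl verify -CAfile "$dir/cacert.pem" "$dir/example.com.crt" >/dev/null 2>&1
}
```

Calling it with a request organization other than "Example Org" makes the signing step fail, which is the situation the note about matching company names describes.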