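# Create a directory for the TLS key material and keep it private to its owner.
# (Apache reads the certificate and key as root at startup, so root-only access is enough.)
mkdir -p /etc/apache2/ssl
chmod 700 /etc/apache2/ssl
cd /etc/apache2/ssl
# Generate a 4096-bit RSA private key, encrypted with a passphrase (openssl prompts for it).
openssl genrsa -des3 -out server-sec.key 4096
# Create a certificate signing request from that key.
openssl req -new -key server-sec.key -out server.csr
# Self-sign the request with the same key; the certificate is valid for 365 days.
openssl x509 -req -days 365 -in server.csr -signkey server-sec.key -out server.crt
# Write a passphrase-less copy of the key so Apache can start without prompting.
openssl rsa -in server-sec.key -out server.key
# The decrypted key is protected by file permissions only; depending on the
# OpenSSL version and umask it may have been created group/world readable.
chmod 600 server-sec.key server.key
# Enable the SSL site by linking it into sites-enabled.
ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl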
Edit "/etc/apache2/sites-available/default-ssl" with nano or your favourite text editor
Edit the SSLCertificateFile and SSLCertificateKeyFile directives so that they reflect your certificate path
# TLS virtual host: answers on port 443 on all addresses
<Virtualhost *:443>
ServerAdmin webmaster@localhost
ServerName localhost
DocumentRoot /var/www-ssl/html/
# Turn SSL/TLS on for this virtual host
SSLEngine on
# Self-signed certificate generated in /etc/apache2/ssl
SSLCertificateFile /etc/apache2/ssl/server.crt
# Passphrase-less copy of the private key (the output of "openssl rsa").
# Apache can load it without prompting, so file permissions are its only protection.
SSLCertificateKeyFile /etc/apache2/ssl/server.key
End editing
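# enable the SSL module
a2enmod ssl
# check the edited configuration for syntax errors before restarting
apache2ctl configtest
# restart apache server (on systems without the service wrapper: /etc/init.d/apache2 restart)
service apache2 restart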
Our SSL certificate is ready to be imported to another server
# Connect to the server and save the whole session output, certificate included, to a file.
# s_client does not abort on a certificate it cannot verify, and this one is self-signed,
# so nothing authenticates the server at this step. Before trusting the saved certificate,
# compare its fingerprint (openssl x509 -noout -fingerprint -sha256 -in FILE) with the
# fingerprint of server.crt taken on the origin server itself.
openssl s_client -connect IPOFSERVER:443 | tee ANYNAMEYOULIKE
# QUIT is typed into the open s_client session to close the connection; it is not a shell command.
QUIT
Open ANYNAMEYOULIKE in nano and get rid of the junk. Keep only the text from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, including those two marker lines.
# taken from madboa
# Make this a sh file and chmod +x in your certificate folder
# Opensuse => /etc/ssl/certs/
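#!/bin/sh
#
# usage: certlink.sh filename [filename ...]
#
# For each certificate file given, creates a symlink named
# <subject-hash>.<n> in the current directory that points at the file.
# Run it from inside the certificate folder. Link only certificates whose
# fingerprint you have verified: presumably everything in that folder is
# treated as trusted by the programs that use it.
for CERTFILE in "$@"; do
  # "$@" (not $*) keeps file names containing spaces or glob characters intact

  # make sure file exists and is a valid cert
  test -f "$CERTFILE" || continue
  HASH=$(openssl x509 -noout -hash -in "$CERTFILE") || continue
  test -n "$HASH" || continue

  # use lowest available iterator for symlink
  for ITER in 0 1 2 3 4 5 6 7 8 9; do
    # skip names that are already taken; test -L also catches dangling
    # symlinks, which test -f alone would report as free
    if test -e "${HASH}.${ITER}" || test -L "${HASH}.${ITER}"; then
      continue
    fi
    # stop at the first slot where the link was actually created
    ln -s "$CERTFILE" "${HASH}.${ITER}" && break
  done
done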
After that, just run "./certlink.sh ANYNAMEYOULIKE".
Now you have SSL communication between those servers.