Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende ÜberarbeitungLetzte ÜberarbeitungBeide Seiten der Revision | ||
linux:apache:ssl [2012/05/08 20:42] – psycore | linux:apache:ssl [2024/01/12 22:16] – Externe Bearbeitung 127.0.0.1 | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
+ | {{tag> | ||
+ | ====== SSL unter Apache einrichten ====== | ||
+ | ===== Erstellen des private Keys ===== | ||
+ | |||
+ | <code bash> | ||
+ | root@srv-web: | ||
+ | Generating RSA private key, 4096 bit long modulus | ||
+ | .....................................................................................................................++ | ||
+ | ...............................................................................++ | ||
+ | e is 65537 (0x10001) | ||
+ | </ | ||
+ | |||
+ | ===== CSR Request ===== | ||
+ | |||
+ | <code bash> | ||
+ | root@srv-web: | ||
+ | You are about to be asked to enter information that will be incorporated | ||
+ | into your certificate request. | ||
+ | What you are about to enter is what is called a Distinguished Name or a DN. | ||
+ | There are quite a few fields but you can leave some blank | ||
+ | For some fields there will be a default value, | ||
+ | If you enter ' | ||
+ | ----- | ||
+ | Country Name (2 letter code) [AU]:DE | ||
+ | State or Province Name (full name) [Some-State]: | ||
+ | Locality Name (eg, city) []:Neuss | ||
+ | Organization Name (eg, company) [Internet Widgits Pty Ltd]:Some Company | ||
+ | Organizational Unit Name (eg, section) []:. | ||
+ | Common Name (e.g. server FQDN or YOUR name) []: | ||
+ | Email Address []: | ||
+ | |||
+ | Please enter the following ' | ||
+ | to be sent with your certificate request | ||
+ | A challenge password []:. | ||
+ | An optional company name []:. | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===== Zertifikat Anbieter ===== | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | ===== Apache Konfiguration ===== | ||
+ | |||
+ | mhost.conf bzw. entsprechende Subdomain unter sites-enabled: | ||
+ | |||
+ | <code text> | ||
+ | NameVirtualHost your.server.ip.here: | ||
+ | ... | ||
+ | SSLEngine on | ||
+ | SSLCertificateKeyFile / | ||
+ | SSLCertificateFile / | ||
+ | SSLCertificateChainFile / | ||
+ | | ||
+ | # The following lines stopps the BEAST attack | ||
+ | # more info at | ||
+ | # https:// | ||
+ | | ||
+ | SSLHonorCipherOrder On | ||
+ | SSLCipherSuite ECDHE-RSA-AES128-SHA256: | ||
+ | </ | ||
+ | |||
+ | Evt. muss das SSL Modul im Apache noch aktiviert werden: | ||
+ | |||
+ | <code bash> | ||
+ | a2enmod ssl | ||
+ | </ | ||
+ | |||
+ | Nun ein Neustart und es sollte funktionieren: | ||
+ | |||
+ | <code bash> | ||
+ | / | ||
+ | </ |