Differences

This page shows the differences between two versions.

linux:apache:ssl [2024/01/02 22:55] psycore
linux:apache:ssl [2024/01/13 23:16] (current) – deleted psycore
Line 1: Line 1:
-{{tag>linux debian apache tls}} 
-====== SSL unter Apache einrichten ====== 
  
-===== Erstellen des private Keys ===== 
- 
-<code bash> 
-root@srv-web:~# openssl genrsa -out server.key 4096 
-Generating RSA private key, 4096 bit long modulus 
-.....................................................................................................................++ 
-...............................................................................++ 
-e is 65537 (0x10001) 
-</code> 
- 
-===== CSR Request ===== 
- 
-<code bash> 
-root@srv-web:~# openssl req -new -key server.key -out server.csr -sha256 
-You are about to be asked to enter information that will be incorporated 
-into your certificate request. 
-What you are about to enter is what is called a Distinguished Name or a DN. 
-There are quite a few fields but you can leave some blank 
-For some fields there will be a default value, 
-If you enter '.', the field will be left blank. 
------ 
-Country Name (2 letter code) [AU]:DE 
-State or Province Name (full name) [Some-State]:NRW 
-Locality Name (eg, city) []:Neuss 
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:Some Company 
-Organizational Unit Name (eg, section) []:. 
-Common Name (e.g. server FQDN or YOUR name) []:www.yourdomain.com 
-Email Address []:admin@yourdomain.com 
- 
-Please enter the following 'extra' attributes 
-to be sent with your certificate request 
-A challenge password []:. 
-An optional company name []:. 
- 
-</code> 
- 
-===== Zertifikat Anbieter ===== 
- 
-[[https://www.psw.net]] 
- 
-===== Apache Konfiguration ===== 
- 
-mhost.conf bzw. entsprechende Subdomain unter sites-enabled: 
- 
-<code text> 
-NameVirtualHost your.server.ip.here:443 
-... 
-    SSLEngine on 
-    SSLCertificateKeyFile /etc/ssl.key/name.of.key 
-    SSLCertificateFile /etc/ssl.crt/name.of.crt 
-    SSLCertificateChainFile /etc/ssl.crt/name.of.ca-bundle 
-     
-    # The following lines stopps the BEAST attack 
-    # more info at 
-    # https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls 
-     
-    SSLHonorCipherOrder On 
-    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH 
-</code> 
- 
-Evt. muss das SSL Modul im Apache noch aktiviert werden: 
- 
-<code bash> 
-a2enmod ssl 
-</code> 
- 
-Nun ein Neustart und es sollte funktionieren: 
- 
-<code bash> 
-/etc/init.d/apache2 restart 
-</code>
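
Review bot: The deletion is recorded only as "gelöscht" and leaves no pointer to a replacement page, so anyone who configured a server from this page gets no hint that the removed Apache block is outdated. In that block, `SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH` deliberately enables RC4 as the BEAST workaround, which RFC 7465 prohibits for TLS, and the block sets no `SSLProtocol` to restrict protocol versions. I suggest stating the reason in the edit summary and either linking a current TLS configuration page or replacing the content with a cipher list that excludes RC4 instead of removing the page without comment.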