Difference between revisions of "Ssl"
From Wasya Wiki
(→Local nginx (or anything)) |
|||
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | |||
+ | == Generate CSR == | ||
+ | |||
+ | From: https://www.namecheap.com/support/knowledgebase/article.aspx/9446/14/generating-csr-on-apache--opensslmodsslnginx--heroku/ | ||
From: https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx | From: https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx | ||
+ | |||
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr | openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr | ||
+ | |||
+ | Note! For Wildcard certificates, the Common Name should be represented with an asterisk in front (e.g. *.example.com). | ||
SSLEngine on | SSLEngine on | ||
Line 10: | Line 17: | ||
Don't forget to chmod +x, the user is www-data, verify with https://www.sslshopper.com/ssl-checker.html#hostname=https://wasya.co/ | Don't forget to chmod +x, the user is www-data, verify with https://www.sslshopper.com/ssl-checker.html#hostname=https://wasya.co/ | ||
− | == | + | == Self-signed certificate == |
+ | |||
+ | From: https://www.baeldung.com/openssl-self-signed-cert | ||
+ | |||
+ | openssl x509 -signkey server.key -in server.csr -req -days 365 -out server.crt | ||
+ | |||
+ | == Local apache == | ||
From: https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec | From: https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec | ||
openssl genrsa -des3 -out rootCA.key 2048 | openssl genrsa -des3 -out rootCA.key 2048 | ||
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem | openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem | ||
+ | |||
+ | == generate rsa public private key == | ||
+ | |||
+ | openssl genrsa -out privkey.pem 2048 | ||
+ | openssl rsa -in private.pem -outform PEM -pubout -out public.pem |
Latest revision as of 05:22, 13 March 2024
Generate CSR
From: https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Note! For Wildcard certificates, the Common Name should be represented with an asterisk in front (e.g. *.example.com).
SSLEngine on SSLCertificateFile /etc/apache2/ssl/static.piousbox.com/static_piousbox_com.crt SSLCertificateKeyFile /etc/apache2/ssl/static.piousbox.com/server.key SSLCACertificateFile /etc/apache2/ssl/static.piousbox.com/static_piousbox_com.ca-bundle
Don't forget to chmod +x, the user is www-data, verify with https://www.sslshopper.com/ssl-checker.html#hostname=https://wasya.co/
Self-signed certificate
From: https://www.baeldung.com/openssl-self-signed-cert
openssl x509 -signkey server.key -in server.csr -req -days 365 -out server.crt
Local apache
openssl genrsa -des3 -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
generate rsa public private key
openssl genrsa -out privkey.pem 2048 openssl rsa -in private.pem -outform PEM -pubout -out public.pem