Apache in SSL #2

HeXeR — Wed, 02 Apr 2008 14:24:52 +0000

Tako SSL certifikat imamo, sedaj pa še konfiguriramo apache …

# SSL
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/ssl/secure.cert
SSLCertificateKeyFile /var/ssl/secure.key

#. ..

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq “domena.org” # SSL dovolimo samo na določeni (pod)domeni
ErrorDocument 403 http://www.hekni-me.biz/
# ali . ..
ErrorDocument 403 ‘Haha, n00b si !’

# . ..

In to je to .

Apache in SSL

HeXeR — Wed, 02 Apr 2008 14:13:19 +0000

Prva stvar, ki jo potrebujemo je SSL certifikat …

http://www.apache-ssl.org/#FAQ

Step one – create the key and request: openssl req -new > new.cert.csr

Step two – remove the passphrase from the key (optional):

openssl rsa -in privkey.pem -out new.cert.key

Step three – convert request into signed cert:

openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

The Apache-SSL directives that you need to use the resulting cert are:

SSLCertificateFile /path/to/certs/new.cert.cert
SSLCertificateKeyFile /path/to/certs/new.cert.key

lahko pred tem odskakljate v mapo, kjer želite imeti certifikat, drugače pa se bo pojavil v /root/… privzeto.

HeXeЯ » ssl

Apache in SSL #2

Apache in SSL