Configuring OpenSSL

Setting up a certificate for multiple host names.

http://www.crsr.net/Notes/Apache-HTTPS-virtual-host.html

http://www.tc.umn.edu/~brams006/selfsign.html

http://en.gentoo-wiki.com/wiki/Apache2/SSL_Certificates

http://www.linuxquestions.org/questions/linux-software-2/start-apache-with-the-pass-phrase-258973/

Using Multiple SSL Certificates in Apache with One IP Address

Cacert wiki

Securing the WordPress admin interface using (Free!) SSL certificates

Setting up your own CA and creating certificates

Source

Installing OpenSSL, if necessary

yum install openssl

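Configuring the CA

mkdir -p /u01/app/myCA/certs
mkdir /u01/app/myCA/csr
mkdir /u01/app/myCA/newcerts
mkdir /u01/app/myCA/private
cp /etc/pki/tls/openssl.cnf /u01/app/myCA/.
# Note: "openssl ca" reads index.txt, serial and newcerts from the "dir"
# set in the [ CA_default ] section of openssl.cnf; point it at /u01/app/myCA
# in the copied file before issuing certificates.
cd /u01/app/myCA
echo 00 > serial
echo 00 > crlnumber
touch index.txt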

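Creating the CA

# Create CA private key ("qwerty" is a sample passphrase; a pass: argument
# is visible in the process list and shell history)
openssl genrsa -des3 -passout pass:qwerty -out  private/rootCA.key 2048
 
# Remove passphrase (the CA key is then stored unencrypted on disk,
# so restrict access to the private/ directory)
openssl rsa -passin pass:qwerty -in private/rootCA.key -out private/rootCA.key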
 
# Create CA self-signed certificate
openssl req -config openssl.cnf -new -x509 -subj '/C=DK/L=Aarhus/O=frogger CA/CN=theheat.dk' -days 999 -key private/rootCA.key -out certs/rootCA.crt

Creating the server certificate

# Create private key for the winterfell server
openssl genrsa -des3 -passout pass:qwerty -out private/winterfell.key 2048
 
# Remove passphrase 
openssl rsa -passin pass:qwerty -in private/winterfell.key -out private/winterfell.key
 
# Create CSR for the winterfell server
openssl req -config openssl.cnf -new -subj '/C=DK/L=Aarhus/O=frogger/CN=winterfell' -key private/winterfell.key -out csr/winterfell.csr
 
# Create certificate for the winterfell server
openssl ca -batch -config openssl.cnf -days 999 -in csr/winterfell.csr -out certs/winterfell.crt -keyfile private/rootCA.key -cert certs/rootCA.crt -policy policy_anything

Creating the client certificate

# Create private key for a client
openssl genrsa -des3 -passout pass:qwerty -out private/client.key 2048
 
# Remove passphrase 
openssl rsa -passin pass:qwerty -in private/client.key -out private/client.key
 
# Create CSR for the client.
openssl req -config openssl.cnf -new -subj '/C=DK/L=Aarhus/O=frogger/CN=theClient' -key private/client.key -out csr/client.csr
 
# Create client certificate.
openssl ca -batch -config openssl.cnf -days 999 -in csr/client.csr -out certs/client.crt -keyfile private/rootCA.key -cert certs/rootCA.crt -policy policy_anything

Exporting the client certificate to PKCS#12 format

# Export the client certificate to pkcs12 for import in the browser
openssl pkcs12 -export -passout pass:qwerty -in certs/client.crt -inkey private/client.key -certfile certs/rootCA.crt -out certs/clientcert.p12
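
Added example, not part of the original notes: two checks worth running on every certificate the CA issues, namely that it chains to the root certificate and that it belongs to the private key it will be deployed with. To stay self-contained it builds a throwaway CA in a temporary directory and signs with `openssl x509 -req` instead of the `openssl ca` call above; the function names, file names and `/O=demo` subjects are constructed for the demo.

```shell
#!/bin/sh
# Added example: sanity checks for certificates issued by a private CA.

# cert_chains_to CA_CERT CERT: succeeds only if CERT verifies against CA_CERT.
# The output is matched because old OpenSSL releases exit 0 even on failure.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_matches_cert KEY CERT: succeeds only if both carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_demo_ca DIR NAME: throwaway self-signed CA (constructed test data).
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=demo/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_demo_cert DIR CA_NAME CN: key, CSR and certificate signed by CA_NAME.
issue_demo_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/O=demo/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.crt" 2>/dev/null
}

# Demo run on constructed data.
d=$(mktemp -d)
make_demo_ca "$d" rootCA && issue_demo_cert "$d" rootCA winterfell
cert_chains_to "$d/rootCA.crt" "$d/winterfell.crt" && echo "chain: OK"
key_matches_cert "$d/winterfell.key" "$d/winterfell.crt" && echo "key/cert pair: OK"
rm -rf "$d"
```

Against the files created above, the same checks are `cert_chains_to certs/rootCA.crt certs/winterfell.crt` and `key_matches_cert private/winterfell.key certs/winterfell.crt`, run from /u01/app/myCA.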

Creating a CSR with OpenSSL

openssl req -nodes -newkey rsa:2048 -keyout infotools.key -out infotools.csr