HTTPS

Aus Info-Theke
Version vom 25. Februar 2014, 21:43 Uhr von Hamatoma (Diskussion | Beiträge) (→‎Multihome Zertifikat)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springen Zur Suche springen

Multihome Zertifikat[Bearbeiten]

cd /etc/nginx
mkdir ssl
chown www-data.root ssl
chmod 770 ssl
cd ssl
# generate private key:
CERT=f-r-e-i
openssl genrsa -des3 -out $CERT.key 1024
# Generate a CSR (Certificate Signing Request)
openssl req -new -key $CERT.key -out $CERT.csr
Country Name (2 letter code) [DE]:DE
State or Province Name (full name) [Sachsen]:Bavaria
Locality Name (eg, city) [Leipzig]:Munich
Organization Name (eg, company) [My Company Ltd]:f-r-e-i.de
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:f-r-e-i.de
Email Address []:info@f-r-e-i.de
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# Remove Passphrase from Key 1
cp $CERT.key $CERT.key.org
openssl rsa -in $CERT.key.org -out $CERT.key

# Generating a Self-Signed Certificate
DOMAIN=$CERT.de
cat <<EOS >$CERT.extensions
[ mydomain_http ]
nsCertType      = server
keyUsage        = digitalSignature,nonRepudiation,keyEncipherment
extendedKeyUsage        = serverAuth
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid,issuer
subjectAltName          = @mydomain_http_subject
[ mydomain_http_subject ]
DNS.1 = www.$DOMAIN
DNS.2 = wiki.$DOMAIN
DNS.3 = clowd.$DOMAIN
EOS

openssl x509 -req -days 365 -in $CERT.csr -signkey $CERT.key -out $CERT.crt -extfile /etc/nginx/ssl/$CERT.extensions -extensions mydomain_http