HTTPS
Version vom 25. Februar 2014, 21:43 Uhr von Hamatoma (Diskussion | Beiträge) (→Multihome Zertifikat)
Multihome Zertifikat[Bearbeiten]
cd /etc/nginx mkdir ssl chown www-data.root ssl chmod 770 ssl cd ssl
# generate private key: CERT=f-r-e-i openssl genrsa -des3 -out $CERT.key 1024 # Generate a CSR (Certificate Signing Request) openssl req -new -key $CERT.key -out $CERT.csr
Country Name (2 letter code) [DE]:DE State or Province Name (full name) [Sachsen]:Bavaria Locality Name (eg, city) [Leipzig]:Munich Organization Name (eg, company) [My Company Ltd]:f-r-e-i.de Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:f-r-e-i.de Email Address []:info@f-r-e-i.de Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
# Remove Passphrase from Key 1 cp $CERT.key $CERT.key.org openssl rsa -in $CERT.key.org -out $CERT.key # Generating a Self-Signed Certificate DOMAIN=$CERT.de cat <<EOS >$CERT.extensions [ mydomain_http ] nsCertType = server keyUsage = digitalSignature,nonRepudiation,keyEncipherment extendedKeyUsage = serverAuth subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer subjectAltName = @mydomain_http_subject [ mydomain_http_subject ] DNS.1 = www.$DOMAIN DNS.2 = wiki.$DOMAIN DNS.3 = clowd.$DOMAIN EOS openssl x509 -req -days 365 -in $CERT.csr -signkey $CERT.key -out $CERT.crt -extfile /etc/nginx/ssl/$CERT.extensions -extensions mydomain_http