This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
startcom [2014/11/24 01:14] 0.0.0.0 created |
startcom [2014/11/24 02:11] (current) ben |
||
---|---|---|---|
Line 12: | Line 12: | ||
===== Startcom.org Certificates ===== | ===== Startcom.org Certificates ===== | ||
Generate the private key | Generate the private key | ||
- | <source lang="bash"> | + | <code bash> |
openssl genrsa -out domain.sihnon.net.key 1024 | openssl genrsa -out domain.sihnon.net.key 1024 | ||
- | </source> | + | </code> |
Generate the Certificate Signing Request | Generate the Certificate Signing Request | ||
- | <source lang="bash"> | + | <code bash> |
openssl req -new -key domain.sihnon.net.key -out domain.sihnon.net.csr | openssl req -new -key domain.sihnon.net.key -out domain.sihnon.net.csr | ||
- | </source> | + | </code> |
Send the CSR to cacert.org, and cat the result into domain.sihnon.net.pem | Send the CSR to cacert.org, and cat the result into domain.sihnon.net.pem | ||
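Review bot: the key-generation command carried unchanged through this markup conversion, `openssl genrsa -out domain.sihnon.net.key 1024`, still produces a 1024-bit RSA key, which is no longer an adequate size for a server certificate; change the trailing argument to 2048 or larger while this block is being touched. The last context line of the hunk also tells the reader to send the CSR to cacert.org under a heading that reads "Startcom.org Certificates", so one of the two CA names looks stale and should be reconciled.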
Line 27: | Line 27: | ||
===== Using certificates in apache ===== | ===== Using certificates in apache ===== | ||
Create a certificate bundle, which contains the Intermediate and Root CA certificates | Create a certificate bundle, which contains the Intermediate and Root CA certificates | ||
- | <source lang="bash"> | + | <code bash> |
cat sub.class2.server.startcom.crt startcom.crt > sub.class2.server.startcom.bundle.crt | cat sub.class2.server.startcom.crt startcom.crt > sub.class2.server.startcom.bundle.crt | ||
- | </source> | + | </code> |
And configure apache to send the bundle along with the certificate | And configure apache to send the bundle along with the certificate | ||
- | <source lang="apache"> | + | <code apache> |
SSLEngine on | SSLEngine on | ||
SSLCipherSuite ALL: | SSLCipherSuite ALL: | ||
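Review bot: `SSLCipherSuite ALL:` in the apache block builds the cipher list by starting from ALL, so every suite stays enabled unless the remainder of the string (cut off in this view) removes it by name. Since the block is already being edited, consider building the list from a strong named set with explicit exclusions instead, for example one that begins with HIGH and excludes aNULL, and add a sentence saying what the string is meant to allow.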
Line 38: | Line 38: | ||
SSLCertificateKeyFile / | SSLCertificateKeyFile / | ||
SSLCertificateChainFile / | SSLCertificateChainFile / | ||
- | </source> | + | </code> |
==== Server Name Indication ==== | ==== Server Name Indication ==== | ||
Line 44: | Line 44: | ||
Compile apache with sni support | Compile apache with sni support | ||
- | <source lang="bash"> | + | <code bash> |
# echo " | # echo " | ||
# emerge apache -av | # emerge apache -av | ||
- | </source> | + | </code> |
Now, with very little effort, it is possible to set up multiple vhosts with SSL enabled as above and everything should Just Work& | Now, with very little effort, it is possible to set up multiple vhosts with SSL enabled as above and everything should Just Work& | ||
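Review bot: the two command lines in the SNI block keep a leading `# ` root prompt (`# emerge apache -av`), and under the new `<code bash>` highlighting these lines will render as shell comments and do nothing if pasted as-is. Drop the prompt character and state in the preceding sentence that the commands are run as root, which also matches the prompt-less style of the other bash blocks on the page.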
Line 53: | Line 53: | ||
===== Using certificates in postfix ===== | ===== Using certificates in postfix ===== | ||
Create the bundle as per the instructions for apache, above, and then configure postfix with the following options | Create the bundle as per the instructions for apache, above, and then configure postfix with the following options | ||
- | <source lang="text"> | + | <code text> |
smtpd_tls_key_file = / | smtpd_tls_key_file = / | ||
smtpd_tls_cert_file = / | smtpd_tls_cert_file = / | ||
smtpd_tls_CAfile = / | smtpd_tls_CAfile = / | ||
- | </source> | + | </code> |
===== Using certificates in courier-imap ===== | ===== Using certificates in courier-imap ===== | ||
Courier expects the key and the certificate in the same file, along with some Diffie-Hellman parameters | Courier expects the key and the certificate in the same file, along with some Diffie-Hellman parameters | ||
- | <source lang="bash"> | + | <code bash> |
cat domain.sihnon.net.key domain.sihnon.net.pem > domain.sihnon.net.courier.pem | cat domain.sihnon.net.key domain.sihnon.net.pem > domain.sihnon.net.courier.pem | ||
openssl gendh >> domain.sihnon.net.courier.pem | openssl gendh >> domain.sihnon.net.courier.pem | ||
- | </source> | + | </code> |
===== Certificates issued by startcom ===== | ===== Certificates issued by startcom ===== | ||
- | These certificates and corresponding private keys are stored in <tt>/ | + | These certificates and corresponding private keys are stored in '' |
* backups.sihnon.net (expires 2011-11-02) | * backups.sihnon.net (expires 2011-11-02) |
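Review bot: in the courier-imap block, `openssl gendh >> domain.sihnon.net.courier.pem` passes no bit size, so the strength of the Diffie-Hellman parameters depends on whatever default the installed OpenSSL uses; give the size explicitly as the last argument (2048 or more). The same file receives the private key via `cat domain.sihnon.net.key domain.sihnon.net.pem > domain.sihnon.net.courier.pem` and is created with the shell's default umask, so the instructions should also say to restrict it to the courier user. Separately, the first entry in the issued-certificates list shows an expiry of 2011-11-02 on a page revised in 2014, which suggests the list needs refreshing.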