startcom
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
startcom [2014/11/24 01:44] ben |
startcom [2014/11/24 02:11] (current) ben |
||
|---|---|---|---|
| Line 17: | Line 17: | ||
| Generate the Certificate Signing Request | Generate the Certificate Signing Request | ||
| - | <source lang="bash"> | + | <code bash> |
| openssl req -new -key domain.sihnon.net.key -out domain.sihnon.net.csr | openssl req -new -key domain.sihnon.net.key -out domain.sihnon.net.csr | ||
| - | </source> | + | </code> |
| Send the CSR to cacert.org, and cat the result into domain.sihnon.net.pem | Send the CSR to cacert.org, and cat the result into domain.sihnon.net.pem | ||
| Line 27: | Line 27: | ||
| ===== Using certificates in apache ===== | ===== Using certificates in apache ===== | ||
| Create a certificate bundle, which contains the Intermediate and Root CA certificates | Create a certificate bundle, which contains the Intermediate and Root CA certificates | ||
| - | <source lang="bash"> | + | <code bash> |
| cat sub.class2.server.startcom.crt startcom.crt > sub.class2.server.startcom.bundle.crt | cat sub.class2.server.startcom.crt startcom.crt > sub.class2.server.startcom.bundle.crt | ||
| - | </source> | + | </code> |
| And configure apache to send the bundle along with the certificate | And configure apache to send the bundle along with the certificate | ||
| - | <source lang="apache"> | + | <code apache> |
| SSLEngine on | SSLEngine on | ||
| SSLCipherSuite ALL: | SSLCipherSuite ALL: | ||
| Line 38: | Line 38: | ||
| SSLCertificateKeyFile / | SSLCertificateKeyFile / | ||
| SSLCertificateChainFile / | SSLCertificateChainFile / | ||
| - | </source> | + | </code> |
| ==== Server Name Indication ==== | ==== Server Name Indication ==== | ||
| Line 44: | Line 44: | ||
| Compile apache with sni support | Compile apache with sni support | ||
| - | <source lang="bash"> | + | <code bash> |
| # echo " | # echo " | ||
| # emerge apache -av | # emerge apache -av | ||
| - | </source> | + | </code> |
| Now, with very little effort, it is possible to set up multiple vhosts with SSL enabled as above and everything should Just Work& | Now, with very little effort, it is possible to set up multiple vhosts with SSL enabled as above and everything should Just Work& | ||
| Line 53: | Line 53: | ||
| ===== Using certificates in postfix ===== | ===== Using certificates in postfix ===== | ||
| Create the bundle as per the instructions for apache, above, and then configure postfix with the following options | Create the bundle as per the instructions for apache, above, and then configure postfix with the following options | ||
| - | <source lang="text"> | + | <code text> |
| smtpd_tls_key_file = / | smtpd_tls_key_file = / | ||
| smtpd_tls_cert_file = / | smtpd_tls_cert_file = / | ||
| smtpd_tls_CAfile = / | smtpd_tls_CAfile = / | ||
| - | </source> | + | </code> |
| ===== Using certificates in courier-imap ===== | ===== Using certificates in courier-imap ===== | ||
| Courier expects the key and the certificate in the same file, along with some Diffie-Hellman parameters | Courier expects the key and the certificate in the same file, along with some Diffie-Hellman parameters | ||
| - | <source lang="bash"> | + | <code bash> |
| cat domain.sihnon.net.key domain.sihnon.net.pem > domain.sihnon.net.courier.pem | cat domain.sihnon.net.key domain.sihnon.net.pem > domain.sihnon.net.courier.pem | ||
| openssl gendh >> domain.sihnon.net.courier.pem | openssl gendh >> domain.sihnon.net.courier.pem | ||
| - | </source> | + | </code> |
| ===== Certificates issued by startcom ===== | ===== Certificates issued by startcom ===== | ||
| - | These certificates and corresponding private keys are stored in <tt>/ | + | These certificates and corresponding private keys are stored in '' |
| * backups.sihnon.net (expires 2011-11-02) | * backups.sihnon.net (expires 2011-11-02) | ||
startcom.1416793493.txt.gz · Last modified: 2014/11/24 01:44 by ben
Page Tools
