ssl
Differences
This shows you the differences between two versions of the page.
|
ssl [2010/10/31 03:23] k2patel |
ssl [2020/08/10 02:35] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ==== SSL Issue and Resolution ==== | ||
| - | |||
| - | **Generate 2048 Bit CSR for godaddy.** | ||
| - | <code bash> | ||
| - | openssl req -nodes -newkey rsa:2048 -keyout www.xyz.com.key -out www.xyz.com.csr | ||
| - | </code> | ||
| - | |||
| - | Above command will not ask you for password. Which is not advisable on apache startup as you need to be present to supply password.\\ | ||
| - | If you need to have than simply remove "-nodes" from your command and you have password.\\ | ||
| - | |||
| - | **To check if certificate and key is matching "Match the MODULUS" in out of following command** | ||
| - | <code bash> | ||
| - | openssl rsa -modulus -in <*.key> | ||
| - | openssl x509 -modulus -in <*.crt> | ||
| - | </code> | ||
| - | |||
| - | **Read CSR using following command** | ||
| - | <code bash> | ||
| - | openssl req -text -in <*.csr> | ||
| - | </code> | ||
| - | |||
| - | **Find Expiring and Issue date for Certificate** | ||
| - | <code bash> | ||
| - | openssl x509 -noout -in <*.crt> -dates | ||
| - | </code> | ||
| - | |||
| - | **How to enable strong SSL in apache.** | ||
| - | This also help to pass PCI Compliance. | ||
| - | <code http | httpd.conf> | ||
| - | SSLEngine On | ||
| - | |||
| - | SSLCertificateFile /srv/www/conf/<*.crt> | ||
| - | SSLCertificateKeyFile /srv/www/conf/<*.key> | ||
| - | SSLCertificateChainFile /srv/www/conf/gd_intermediate_bundle.crt | ||
| - | SSLCACertificateFile /srv/www/conf/*.ca-bundle | ||
| - | |||
| - | SSLProtocol -all +SSLv3 +TLSv1 | ||
| - | SSLCipherSuite SSLv3:+HIGH:+MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH | ||
| - | --OR-- | ||
| - | SSLCipherSuite +HIGH:+MEDIUM:!SSLv2:RC4+RSA:!ADH:!LOW:!EXP:!aNULL:!cNULL:@STRENGTH | ||
| - | --OR-- | ||
| - | SSLCipherSuite SSLv3:+HIGH:+MEDIUM:!SSLv2:!ADH:!LOW:!EXP:!aNULL:!eNULL:@STRENGTH | ||
| - | </code> | ||
| - | [[https://www.ssllabs.com/ssldb/index.html | Test SSL Server]] | ||
| - | |||
| - | == Thawte CA Bundle == | ||
| - | |||
| - | [[https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL123_CA_Bundle.pem | SSL123 CA Bundle (1024)]]\\ | ||
| - | [[https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=SO13881 | SSL123 CA Bundle (2048)]]\\ | ||
| - | [[https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO1498 | Instruction for other Certificates ]] | ||
| - | |||
ssl.txt ยท Last modified: 2020/08/10 02:35 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
