User Tools

Site Tools


ssl

This is an old revision of the document!


SSL Issue and Resolution

Generate 2048 Bit CSR for godaddy.

openssl req -nodes -newkey rsa:2048 -keyout www.xyz.com.key -out www.xyz.com.csr

Above command will not ask you for password. Which is not advisable on apache startup as you need to be present to supply password.
If you need to have than simply remove “-nodes” from your command and you have password.

To check if certificate and key is matching “Match the MODULUS” in out of following command

openssl rsa -modulus -in <*.key>
openssl x509 -modulus -in <*.crt>

Read CSR using following command

openssl req -text -in <*.csr>

Find Expiring and Issue date for Certificate

openssl x509 -noout -in <*.crt> -dates

How to enable strong SSL in apache. This also help to pass PCI Compliance.

| httpd.conf
SSLEngine On
 
SSLCertificateFile /srv/www/conf/<*.crt>
SSLCertificateKeyFile /srv/www/conf/<*.key>
SSLCertificateChainFile /srv/www/conf/gd_intermediate_bundle.crt
SSLCACertificateFile /srv/www/conf/*.ca-bundle
 
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite SSLv3:+HIGH:+MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH
--OR--
SSLCipherSuite +HIGH:+MEDIUM:!SSLv2:RC4+RSA:!ADH:!LOW:!EXP:!aNULL:!cNULL:@STRENGTH
--OR--
SSLCipherSuite SSLv3:+HIGH:+MEDIUM:!SSLv2:!ADH:!LOW:!EXP:!aNULL:!eNULL:@STRENGTH

Test SSL Server

ssl.1286608790.txt.gz · Last modified: 2010/10/09 03:19 by k2patel