ssl
SSL Issue and Resolution
Generate a 2048-bit CSR for GoDaddy.
openssl req -nodes -newkey rsa:2048 -keyout www.xyz.com.key -out www.xyz.com.csr
The above command will not ask you for a password. A password-protected key is not advisable for Apache startup, as you need to be present to supply the password.
If you do need a password, simply remove “-nodes” from the command and you will be prompted for one.
To check whether the certificate and key match, compare the MODULUS in the output of the following commands (-noout keeps the key and certificate bodies off the terminal)
openssl rsa -noout -modulus -in <*.key>
openssl x509 -noout -modulus -in <*.crt>
Read the CSR using the following command
openssl req -text -in <*.csr>
Find the expiry and issue dates for a certificate
openssl x509 -noout -in <*.crt> -dates
How to enable strong SSL in Apache. This also helps to pass PCI compliance.
httpd.conf
SSLEngine On
SSLCertificateFile /srv/www/conf/<*.crt>
SSLCertificateKeyFile /srv/www/conf/<*.key>
SSLCertificateChainFile /srv/www/conf/gd_intermediate_bundle.crt
SSLCACertificateFile /srv/www/conf/*.ca-bundle
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite SSLv3:+HIGH:+MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH
# --OR--
SSLCipherSuite +HIGH:+MEDIUM:!SSLv2:RC4+RSA:!ADH:!LOW:!EXP:!aNULL:!cNULL:@STRENGTH
# --OR--
SSLCipherSuite SSLv3:+HIGH:+MEDIUM:!SSLv2:!ADH:!LOW:!EXP:!aNULL:!eNULL:@STRENGTH
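An added example, not part of the original page: the same httpd.conf fragment with the protocol and cipher lines restricted to TLS 1.2 and 1.3, because SSLv3 and TLSv1 as enabled above have since been deprecated (RFC 7568, RFC 8996). It assumes Apache 2.4.36 or later built against OpenSSL 1.1.1 or later; the certificate paths are the placeholders used above.

```apache
# Added example (not from the original page).
# Assumption: Apache >= 2.4.36 with OpenSSL >= 1.1.1 (needed for +TLSv1.3).
SSLEngine On
SSLCertificateFile /srv/www/conf/<*.crt>
SSLCertificateKeyFile /srv/www/conf/<*.key>
# Since Apache 2.4.8 SSLCertificateChainFile is deprecated; the intermediate
# certificates can instead be appended to the file named in SSLCertificateFile.
SSLCertificateChainFile /srv/www/conf/gd_intermediate_bundle.crt

# Weak (as on the page): SSLv3 and TLS 1.0 enabled, MEDIUM and RC4 ciphers allowed.
#SSLProtocol -all +SSLv3 +TLSv1
#SSLCipherSuite +HIGH:+MEDIUM:!SSLv2:RC4+RSA:!ADH:!LOW:!EXP:!aNULL:!cNULL:@STRENGTH

# Corrected: TLS 1.2 and 1.3 only.
SSLProtocol -all +TLSv1.2 +TLSv1.3
# TLS 1.2 suites: forward secrecy (ECDHE) with AEAD ciphers only.
# TLS 1.3 suites are configured separately and keep the OpenSSL defaults here.
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
# Prefer the server's ordering of the list above over the client's.
SSLHonorCipherOrder On
# TLS-level compression stays off.
SSLCompression Off
```

Validate the file with `apachectl configtest` before reloading Apache.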
Thawte CA Bundle
Self Signed SSL
Generating Private Key
openssl genrsa -des3 -out www.k2patel.com.key 2048
Generate CSR
openssl req -new -key www.k2patel.com.key -out www.k2patel.com.csr
Removing password
This is optional; it is only required if you provided a password during CSR generation.
mv www.k2patel.com.key www.k2patel.com.key.pass
openssl rsa -in www.k2patel.com.key.pass -out www.k2patel.com.key
Signing Certificate
openssl x509 -req -days 365 -in www.k2patel.com.csr -signkey www.k2patel.com.key -out www.k2patel.com.crt
ssl.1292342307.txt.gz · Last modified: 2020/08/10 02:29 (external edit)