ssl

Differences

This shows you the differences between two versions of the page.

ssl [2010/12/14 23:16]
k2patel
ssl [2018/08/30 10:46] (current)
k2patel [Self Signed SSL]
Line 1: Line 1:
 +====== SSL / Openssl great way to secure it ======
 +
 ==== SSL Issue and Resolution ==== ==== SSL Issue and Resolution ====
  
 **Generate 2048 Bit CSR for godaddy.** **Generate 2048 Bit CSR for godaddy.**
 <code bash> <code bash>
-openssl req -nodes -newkey rsa:2048 -keyout www.xyz.com.key -out www.xyz.com.csr+openssl req -nodes -newkey rsa:4096 -sha512 ​-keyout www.xyz.com.key -out www.xyz.com.csr
 </​code>​ </​code>​
  
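Review bot: The bold label above the changed command still reads "Generate 2048 Bit CSR for godaddy." while the new line requests rsa:4096 with -sha512, so the label should be updated to 4096 to match. The command also keeps -nodes, which writes www.xyz.com.key unencrypted; add a sentence telling the reader to restrict access to that file (for example chmod 600), or drop -nodes.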
Line 11: Line 13:
 **To check if certificate and key is matching "Match the MODULUS"​ in out of following command** **To check if certificate and key is matching "Match the MODULUS"​ in out of following command**
 <code bash> <code bash>
-openssl rsa -modulus -in <​*.key>​ +openssl rsa -noout ​-modulus -in <​*.key>​ 
-openssl x509 -modulus -in <​*.crt>​+openssl x509 -noout ​-modulus -in <​*.crt>​
 </​code>​ </​code>​
  
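Review bot: With -noout both commands now print only the Modulus= line, but that is still a long hex string to compare by eye. Piping each command into the same digest, for example "| openssl sha256", gives two short values that are easy to check for equality. The bold heading could also say that this check applies to RSA keys, since the first command is openssl rsa.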
Line 42: Line 44:
 SSLCipherSuite SSLv3:​+HIGH:​+MEDIUM:​!SSLv2:​!ADH:​!LOW:​!EXP:​!aNULL:​!eNULL:​@STRENGTH SSLCipherSuite SSLv3:​+HIGH:​+MEDIUM:​!SSLv2:​!ADH:​!LOW:​!EXP:​!aNULL:​!eNULL:​@STRENGTH
 </​code>​ </​code>​
 +
 +**Print all available high ciphers.**
 +
 +<code bash>
 +openssl ciphers HIGH
 +</​code>​
 +
 [[https://​www.ssllabs.com/​ssldb/​index.html | Test SSL Server]] [[https://​www.ssllabs.com/​ssldb/​index.html | Test SSL Server]]
  
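Review bot: The added "openssl ciphers HIGH" lists only the HIGH set, while the SSLCipherSuite context line directly above also admits SSLv3 and +MEDIUM, so its output does not show what that directive actually enables. Suggest running openssl ciphers -v with the same string that is used in SSLCipherSuite, which prints each selected suite with its protocol, key exchange, authentication, encryption and MAC for review.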
Line 105: Line 114:
 -----END CERTIFICATE----- -----END CERTIFICATE-----
 </​code>​ </​code>​
 +
 +== Thawte ==
  
 [[https://​search.thawte.com/​library/​VERISIGN/​ALL_OTHER/​thawte%20ca/​SSL123_CA_Bundle.pem | SSL123 CA Bundle (1024)]]\\ [[https://​search.thawte.com/​library/​VERISIGN/​ALL_OTHER/​thawte%20ca/​SSL123_CA_Bundle.pem | SSL123 CA Bundle (1024)]]\\
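Review bot: The new "== Thawte ==" heading sits directly above a link labelled "SSL123 CA Bundle (1024)", which reads oddly in a revision that moves the page's own keys to 4096 bits. Mark that entry as legacy or say when it is still needed.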
Line 110: Line 121:
 [[https://​search.thawte.com/​support/​ssl-digital-certificates/​index?​page=content&​id=SO1498 | Instruction for other Certificates ]] [[https://​search.thawte.com/​support/​ssl-digital-certificates/​index?​page=content&​id=SO1498 | Instruction for other Certificates ]]
  
 +== GoDaddy ==
 +[[ https://​certs.godaddy.com/​anonymous/​repository.seam | Server Certificates ]]
 +
 +== Verisign ==
 +[[ https://​knowledge.verisign.com/​support/​ssl-certificates-support/​index?​page=content&​actp=CROSSLINK&​id=AR1409&​TID=retailssl | CA Bundle ]]
 ==== Self Signed SSL ==== ==== Self Signed SSL ====
  
 == Generating Private Key == == Generating Private Key ==
 <code bash> <code bash>
-openssl genrsa -des3 -out www.k2patel.com.key ​2048+openssl genrsa -des3 -out www.k2patel.com.key ​4096
 </​code>​ </​code>​
  
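Review bot: The changed genrsa line raises the key size to 4096 but still encrypts the key file with -des3; openssl genrsa also accepts -aes256, which is a better match for a key of that size. In the same hunk the Verisign link runs straight into "==== Self Signed SSL ====" with no blank line between them.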
Line 134: Line 150:
  
 <code bash> <code bash>
-openssl x509 -req -days 365 -in www.k2patel.com.csr -signkey www.k2patel.com.csr -out www.k2patel.com.crt+openssl x509 -req -days 365 -in www.k2patel.com.csr -signkey www.k2patel.com.key -out www.k2patel.com.crt
 </​code>​ </​code>​
  
  
 +==== Wilcard Certificate ====
  
 +Wildcard Certificate is nothing diff. in mechanism except how much you pay.\\
 +Please read following information before you dive in.
  
- +  * While creating wildcard certificate you need to use "​*"​ as Common Name: 
 +     * e.g. *.k2patel.in 
 +  * You can place wildcard certificate on any number of server simply you always need KEY / CRT combination moved / copied. 
 +    * so you can have multiple server with multiple sub-domain without issue. 
 +  * You do not need any special way to install / use it simply use as described above.
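Review bot: In the new wildcard section, the bullet saying the KEY / CRT pair can be copied to any number of servers "without issue" leaves out that every one of those servers then holds the same private key, so a compromise of one exposes all sub-domains and the certificate has to be revoked and replaced everywhere. Add that caveat. It would also help to note that *.k2patel.in matches a single label only (not k2patel.in itself or a.b.k2patel.in), and the heading is misspelled "Wilcard".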
ssl.1292386599.txt.gz · Last modified: 2010/12/14 23:16 by k2patel