SSL/HTTPS
05-Oct-2003/09-Jan-07
Overview
Generating an SSL certificate
Generating an SSL certificate for testing:
Run the certificate generator on Debian GNU/Linux version 3.0 "Woody":
# mod-ssl-makecert
If a certificate already exists, the script asks for confirmation:
/etc/apache/ssl.crt/server.crt: already present
/etc/apache/ssl.csr/server.csr: already present
/etc/apache/ssl.key/server.key: already present
Do you really want to overwrite the existing certificate ?
[y/N]:
Choose the certificate type; in our case we create a test certificate, which should not be used in production:
What type of certificate do you want to create ?
1. dummy (dummy self-signed Snake Oil cert)
2. test (test cert signed by Snake Oil CA)
3. custom (custom cert signed by own CA)
4. existing (existing cert)
Use dummy when you're a vendor package maintainer,
test when you're an admin but want to do tests only,
custom when you're an admin willing to run a real server
and existing when you're an admin who upgrades a server.
Normally you'd use "test" (2)
> 2
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.
Generating test certificate signed by Snake Oil CA [TEST]
WARNING: Do not use this for real-life/production systems
STEP 1: Generating RSA private key (1024 bit) [server.key]
917165 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.++++++
...........++++++
e is 65537 (0x10001)
Generating a certificate signing request:
STEP 2: Generating X.509 certificate signing request
[server.csr]
Using configuration from .mkcert.cfg
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name
or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name (2 letter code) [XY]:
2. State or Province Name (full name) [Snake Desert]:
3. Locality Name (eg, city) [Snake Town]:
4. Organization Name (eg, company) [Snake Oil, Ltd]:
5. Organizational Unit Name (eg, section) [Webserver Team]:
6. Common Name (eg, FQDN) [www.snakeoil.dom]:
7. Email Address (eg, name@FQDN) [www@snakeoil.dom]:
8. Certificate Validity (days) [365]:
Generating an X.509 certificate signed by the Snake Oil CA:
STEP 3: Generating X.509 certificate signed by Snake Oil CA
[server.crt]
Certificate Version (1 or 3) [3]:1
Signature ok
subject=/C=.../ST=.../L=.../O=.../OU=.../CN=.../Email=...
Getting CA Private Key
Verify: matching certificate & key modulus
read RSA key
Verify: matching certificate signature
/etc/apache/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake
Town/O=Snake Oil, Ltd/OU=Certificate Authority/CN=Snake Oil
CA/Email=ca@snakeoil.dom
error 10 at 1 depth lookup:certificate has expired
OK
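(? Error message ? OpenSSL verify error 10 means "certificate has expired"; it is reported at depth 1, the issuing Snake Oil CA certificate whose name is printed above, not at depth 0, the new server certificate.)
Encrypting the RSA private key with a pass phrase: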
STEP 4: Enrypting RSA private key with a pass phrase for
security [server.key]
The contents of the server.key file (the generated private key) has
to be
kept secret. So we strongly recommend you to encrypt the server.key
file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]:
read RSA key
writing RSA key
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
Fine, you're using an encrypted RSA private key.
Completing certificate generation:
RESULT: Server Certification Files
o conf/ssl.key/server.key
The PEM-encoded RSA private key file which you configure
with the 'SSLCertificateKeyFile' directive (automatically done
when you install via APACI). KEEP THIS FILE PRIVATE!
o conf/ssl.crt/server.crt
The PEM-encoded X.509 certificate file which you configure
with the 'SSLCertificateFile' directive (automatically done
when you install via APACI).
o conf/ssl.csr/server.csr
The PEM-encoded X.509 certificate signing request file which
you can send to an official Certificate Authority (CA) in order
to request a real server certificate (signed by this CA instead
of our demonstration-only Snake Oil CA) which later can replace
the conf/ssl.crt/server.crt file.
WARNING: Do not use this for real-life/production systems
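A check an administrator could run against an installed certificate and key to catch the test-only properties visible in the transcript above: Snake Oil names, a 1024-bit key, X.509 version 1, expiry, a group- or world-readable key, and a certificate/key mismatch. This is an added example, not part of the original page or of mod_ssl; the function name `audit_cert` and the 2048-bit threshold are assumptions.

```sh
# audit_cert CERT [KEY]: added example. Prints one FINDING line per problem;
# returns 0 when nothing was found, 1 otherwise, 2 if CERT cannot be parsed.
audit_cert() {
    cert=$1; key=${2:-}; findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
        { echo "cannot parse $cert"; return 2; }

    # 1. Demonstration names left in subject or issuer (Snake Oil, snakeoil.dom).
    if openssl x509 -in "$cert" -noout -subject -issuer | grep -Eiq 'snake ?oil'; then
        flag "Snake Oil demonstration name in subject or issuer"
    fi
    # 2. RSA modulus size; STEP 1 of the transcript generates a 1024-bit key.
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        flag "${bits}-bit RSA key (below 2048)"
    fi
    # 3. X.509 version 1, as entered in STEP 3: no extensions at all.
    if printf '%s\n' "$text" | grep -q 'Version: 1 '; then
        flag "X.509 v1 certificate"
    fi
    # 4. Validity period already over.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        flag "certificate has expired"
    fi
    if [ -n "$key" ]; then
        # 5. Group/other permission bits on the key ("KEEP THIS FILE PRIVATE!").
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || flag "private key mode allows group/other access ($perms)"
        # 6. The script's "matching certificate & key modulus" check; done only
        #    for an unencrypted key so that openssl never prompts for a pass phrase.
        if ! grep -q 'ENCRYPTED' "$key"; then
            cm=$(openssl x509 -in "$cert" -noout -modulus) || cm=
            km=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) || km=
            [ "$cm" = "$km" ] || flag "certificate and key modulus differ"
        fi
    fi
    [ "$findings" -eq 0 ]
}
```

With the paths from the transcript, the call is `audit_cert /etc/apache/ssl.crt/server.crt /etc/apache/ssl.key/server.key`.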