Configuring StartSSL with Debian Squeeze and gnutls

This is primarily a reminder for myself. ;)

Generate a cetificate request:
openssl req -new -newkey rsa:4096 -days 365 -nodes -keyout example.com.key -out example.co,m.csr

Go to StartSSL -> Certficiates Wizard - Web Server SSL/TLS Certificate.
Continue, Skip, [Paste Content of example.com.csr] into the form, Submit, [Copy certbox], Finish

On the server, create a crt file and copy the certificate from StartSSL into the file:

vim example.com.crt
paste content of StartSSL result screen

Download sub.class1.server.ca.crt and ca.pem from „https://www.startssl.com/ | Toolbox | StartCom CA Certificates”

Prepare the certificate by adding the interim certificates to it.
mv ca.pem startssl-ca.pem
mv sub.class1.server.ca.pem startssl-sub.class1.server.ca.pem
cat example.com.crt sub.class2.server.ca.pem > example.com-gnutls.crt

Remove the password from the key, otherwise Apache will prompt for the password at every restart/reboot:
openssl rsa -in example.com.key -out nopwd-example.com.key

Not just modify your virtual host settings and you are good to go.

<VirtualHost *:443>
    ServerName www.example.com:443
    ServerAlias example.com:443
 
    ProxyRequests Off
    ProxyPreserveHost On
 
    ProxyPass / http://127.0.0.1:81/
    ProxyPassReverse / http://127.0.0.1:81/
 
    <Proxy http://127.0.0.1:81>
        Order deny,allow
        Allow from all
    </Proxy>
 
    # Enable/Disable SSL for this virtual host.
    GnuTLSEnable on
    #GnuTLSSessionTickets on
    GnuTLSPriorities NORMAL
    GnuTLSCertificateFile /etc/ssl/private/example.com.gnu-tls.crt
    GnuTLSKeyFile /etc//ssl/private/nopwd-example.com.key
    GnuTLSPriorities NORMAL
</VirtualHost>

Tagged as: , , , | Author:
[Samstag, 20120421, 17:25 | permanent link | 0 Kommentar(e)

Comments are closed for this story.


Disclaimer

„Leyrers Online Pamphlet“ ist die persönliche Website von mir, Martin Leyrer. Die hier veröffentlichten Beiträge spiegeln meine Ideen, Interessen, meinen Humor und fallweise auch mein Leben wider.
The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.

Search

RSS Feed RSS Feed

Tag Cloud

2007, a-trust, a.trust, a1, accessability, acta, advent, age, amazon, ankündigung, apache, apple, audio, austria, backup, barcamp, bba, big brother awards, birthday, blog, blogging, book, books, browser, Browser_-_Firefox, bruce sterling, buch, bürgerkarte, cars, cartoon, ccc, cfp, christmas, cloud, collection, computer, computing, concert, conference, copyright, database, date, datenschutz, debian, delicious, demokratie, design, desktop, deutsch, deutschland, dev, developer, digitalks, dilbert, disobay, dna, dns, Doctor Who, documentation, domino, Domino, Douglas Adams, download, drm, dsk, dvd, e-card, e-government, e-mail, e-voting, E71, Ein_Tag_im_Leben, email, eu, event, exchange, Extensions, fail, feedback, film, firefox, flightexpress, food, foto, fsfe, fun, future, games, gaming, geek, geld, gleichberechtigung, google, graz, grüne, grüninnen, hack, hacker, handtuch, handy, hardware, HHGTTG, history, how-to, howto, hp, html, humor, IBM, ibm, ical, image, innovation, intel, internet, internet explorer, iphone, ipod, isp, IT, it, java, javascript, job, journalismus, keyboard, knowledge, konzert, language, laptop, law, lego, lenovo, life, links, Linux, linux, linuxwochen, linuxwochenende, living, lol, london, lost+found, Lotus, lotus, Lotus Notes, lotus notes, lotusnotes, LotusNotes, Lotusphere, lotusphere, Lotusphere2006, lotusphere2007, Lotusphere2008, lotusphere2008, lustig, m3_bei_der_Arbeit, mac, mail, marketing, mathematik, media, medien, metalab, microsoft, Microsoft, mITtendrin, mobile, mood, movie, mp3, multimedia, music, musik, männer, nasa, netwatcher, network, netzpolitik, news, nokia, notes, Notes, Notes+Domino, office, online, OOXML, open source, openoffice, opensource, orf, orlando, os, outlook, patents, pc, pdf, perl, personal, php, picture, pictures, podcast, politics, politik, pr, press, presse, privacy, privatsphäre, productivity, programming, protest, qtalk, quintessenz, quote, quotes, radio, rant, recherche, recht, release, review, rezension, rss, science, search, security, server, sf, shaarli, Show-n-tell thursday, sicherheit, silverlight, SnTT, social media, software, sony, sound, space, spam, sprache, spö, ssh, ssl, standards, storage, story, stupid, summerspecial, sun, sysadmin, talk, talks, technology, The Hitchhikers Guide to the Galaxy, theme, think, thinkpad, tip, tipp, tools, topgear, torrent, towel, Towel Day, TowelDay, travel, truth, tv, twitter, ubuntu, uk, unix, update, usa, vds, video, videoüberwachung, vienna, vim, Vim, vista, vorratsdatenspeicherung, vortrag, wahl, wcm, web, web 2.0, web2.0, web20, Web20, webdesign, werbung, wien, wiener linien, wikileaks, windows, windows 7, wired, wishlist, wissen, Wissen_ist_Macht, wlan, work, wow, wtf, Wunschzettel, wunschzettel, www, xbox, xml, xp, zensur, zukunft, zune, österreich, övp, übersetzung, überwachung

AFK Readinglist