Configuring StartSSL with Debian Squeeze and gnutls
This is primarily a reminder for myself. ;)
Generate a certificate request:
openssl req -new -newkey rsa:4096 -days 365 -nodes -keyout example.com.key -out example.com.csr
Go to StartSSL -> Certificates Wizard -> Web Server SSL/TLS Certificate.
Continue, Skip, [Paste Content of example.com.csr] into the form, Submit, [Copy certbox], Finish
On the server, create a crt file and copy the certificate from StartSSL into the file:
vim example.com.crt
(paste the content of the StartSSL result screen)
Download sub.class1.server.ca.pem and ca.pem from "https://www.startssl.com/ | Toolbox | StartCom CA Certificates".
Prepare the certificate by appending the intermediate certificate to it, server certificate first:
mv ca.pem startssl-ca.pem
mv sub.class1.server.ca.pem startssl-sub.class1.server.ca.pem
cat example.com.crt startssl-sub.class1.server.ca.pem > example.com-gnutls.crt
Remove the password from the key, otherwise Apache will prompt for the password at every restart/reboot (a key generated with -nodes as above is already unencrypted):
openssl rsa -in example.com.key -out nopwd-example.com.key
Now just modify your virtual host settings and you are good to go.
<VirtualHost *:443>
    ServerName www.example.com:443
    ServerAlias example.com:443
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:81/
    ProxyPassReverse / http://127.0.0.1:81/
    <Proxy http://127.0.0.1:81>
        Order deny,allow
        Allow from all
    </Proxy>
    # Enable/Disable SSL for this virtual host.
    GnuTLSEnable on
    #GnuTLSSessionTickets on
    GnuTLSPriorities NORMAL
    # Server certificate followed by the intermediate certificate
    GnuTLSCertificateFile /etc/ssl/private/example.com-gnutls.crt
    GnuTLSKeyFile /etc/ssl/private/nopwd-example.com.key
</VirtualHost>
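A pre-restart check for the files built in the steps above, as an added example that is not part of the original post. The function names are illustrative; it assumes an RSA key and the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: sanity checks for the bundle and key before restarting Apache.
# Function names are illustrative; pass your own file paths.

# Number of PEM certificates in a file (server cert + intermediate => 2).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Succeeds if group and others have no permissions on the key file.
key_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds if the key is stored without a passphrase.
key_is_unencrypted() {
    ! grep -q -e 'ENCRYPTED' "$1"
}

# Succeeds if the RSA key belongs to the FIRST certificate in the bundle.
# openssl x509 reads only the first PEM block, so this also catches a bundle
# that was concatenated in the wrong order.
key_matches_cert() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -passin pass: -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Run every check and report all problems; returns 0 only if all pass.
check_tls_files() {
    bundle=$1; key=$2; status=0
    [ "$(count_certs "$bundle")" -ge 2 ] ||
        { echo "bundle: intermediate certificate missing" >&2; status=1; }
    key_is_private "$key" ||
        { echo "key: readable by group/others, chmod 600 it" >&2; status=1; }
    key_is_unencrypted "$key" ||
        { echo "key: still passphrase-protected" >&2; status=1; }
    key_matches_cert "$bundle" "$key" ||
        { echo "key does not match the first certificate" >&2; status=1; }
    return "$status"
}

# Usage: sh check.sh example.com-gnutls.crt nopwd-example.com.key
if [ "$#" -eq 2 ]; then
    check_tls_files "$1" "$2"
fi
```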
Tagged as: debian, gnutls, ssl, startssl | Author: Martin Leyrer
[Saturday, 20120421, 16:25]