Difference between revisions of "Generating SSL Certificate in DAB Appliances"

From Proxmox VE
Jump to navigation Jump to search
(Created page with 'If the '''Makefile''' for DAB has: dab install apache2-mpm-prefork apache2 then all SSL related files will have been installed like the '''ssl-cert'…')
 
Line 1: Line 1:
 +
== Introduction ==
 
If the '''Makefile''' for [[Debian Appliance Builder|DAB]] has:
 
If the '''Makefile''' for [[Debian Appliance Builder|DAB]] has:
 
  dab install apache2-mpm-prefork apache2
 
  dab install apache2-mpm-prefork apache2
 
then all SSL related files will have been installed like the '''ssl-cert''' package which now has the [http://man.he.net/man8/make-ssl-cert make-ssl-cert] program.
 
then all SSL related files will have been installed like the '''ssl-cert''' package which now has the [http://man.he.net/man8/make-ssl-cert make-ssl-cert] program.
  
 +
This article describes ways to generate the SSL certificates for maintaining uniqueness amongst cloned VMs or for those that have none.
 +
 +
== Console TextGUI method ==
 
One such easy and simple method using a console TextGUI is shown below:
 
One such easy and simple method using a console TextGUI is shown below:
 
  make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem  
 
  make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem  
  
 +
== Private/Public Key pair  method ==
 
Another method using a Private/Public Key pair is achieved by:
 
Another method using a Private/Public Key pair is achieved by:
 
  cd /etc/ssl/private
 
  cd /etc/ssl/private
Line 13: Line 18:
 
  /etc/init.d/apache2 reload
 
  /etc/init.d/apache2 reload
  
 +
== SSL key regeneration ==
 
To regenerate the existing template SSL keys, another method is:
 
To regenerate the existing template SSL keys, another method is:
 
  make-ssl-cert generate-default-snakeoil --force-overwrite
 
  make-ssl-cert generate-default-snakeoil --force-overwrite
 
The snakeoil files in the '''/etc/ssl/certs/''' and '''/etc/ssl/private''' folders get re-genertaed with the above command.
 
The snakeoil files in the '''/etc/ssl/certs/''' and '''/etc/ssl/private''' folders get re-genertaed with the above command.
 +
 +
[[Category: HOWTO]]

Revision as of 18:13, 7 May 2013

Introduction

If the Makefile for DAB has:

dab install apache2-mpm-prefork apache2

then all SSL related files will have been installed like the ssl-cert package which now has the make-ssl-cert program.

This article describes ways to generate the SSL certificates for maintaining uniqueness amongst cloned VMs or for those that have none.

Console TextGUI method

One such easy and simple method using a console TextGUI is shown below:

make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem 

Private/Public Key pair method

Another method using a Private/Public Key pair is achieved by:

cd /etc/ssl/private
openssl genrsa 1024 > mysite.pem
cd /etc/ssl/certs
openssl req -new -key ../private/mysite.pem -x509 -days 9999 -out mysite.pem
/etc/init.d/apache2 reload

SSL key regeneration

To regenerate the existing template SSL keys, another method is:

make-ssl-cert generate-default-snakeoil --force-overwrite

The snakeoil files in the /etc/ssl/certs/ and /etc/ssl/private folders get re-genertaed with the above command.