Difference between revisions of "Generating SSL Certificate in DAB Appliances"
Jump to navigation
Jump to search
(Created page with 'If the '''Makefile''' for DAB has: dab install apache2-mpm-prefork apache2 then all SSL related files will have been installed like the '''ssl-cert'…') |
|||
| Line 1: | Line 1: | ||
| + | == Introduction == | ||
If the '''Makefile''' for [[Debian Appliance Builder|DAB]] has: | If the '''Makefile''' for [[Debian Appliance Builder|DAB]] has: | ||
dab install apache2-mpm-prefork apache2 | dab install apache2-mpm-prefork apache2 | ||
then all SSL related files will have been installed like the '''ssl-cert''' package which now has the [http://man.he.net/man8/make-ssl-cert make-ssl-cert] program. | then all SSL related files will have been installed like the '''ssl-cert''' package which now has the [http://man.he.net/man8/make-ssl-cert make-ssl-cert] program. | ||
| + | This article describes ways to generate the SSL certificates for maintaining uniqueness amongst cloned VMs or for those that have none. | ||
| + | |||
| + | == Console TextGUI method == | ||
One such easy and simple method using a console TextGUI is shown below: | One such easy and simple method using a console TextGUI is shown below: | ||
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem | make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem | ||
| + | == Private/Public Key pair method == | ||
Another method using a Private/Public Key pair is achieved by: | Another method using a Private/Public Key pair is achieved by: | ||
cd /etc/ssl/private | cd /etc/ssl/private | ||
| Line 13: | Line 18: | ||
/etc/init.d/apache2 reload | /etc/init.d/apache2 reload | ||
| + | == SSL key regeneration == | ||
To regenerate the existing template SSL keys, another method is: | To regenerate the existing template SSL keys, another method is: | ||
make-ssl-cert generate-default-snakeoil --force-overwrite | make-ssl-cert generate-default-snakeoil --force-overwrite | ||
The snakeoil files in the '''/etc/ssl/certs/''' and '''/etc/ssl/private''' folders get re-genertaed with the above command. | The snakeoil files in the '''/etc/ssl/certs/''' and '''/etc/ssl/private''' folders get re-genertaed with the above command. | ||
| + | |||
| + | [[Category: HOWTO]] | ||
Revision as of 17:13, 7 May 2013
Introduction
If the Makefile for DAB has:
dab install apache2-mpm-prefork apache2
then all SSL related files will have been installed like the ssl-cert package which now has the make-ssl-cert program.
This article describes ways to generate the SSL certificates for maintaining uniqueness amongst cloned VMs or for those that have none.
Console TextGUI method
One such easy and simple method using a console TextGUI is shown below:
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
Private/Public Key pair method
Another method using a Private/Public Key pair is achieved by:
cd /etc/ssl/private openssl genrsa 1024 > mysite.pem cd /etc/ssl/certs openssl req -new -key ../private/mysite.pem -x509 -days 9999 -out mysite.pem /etc/init.d/apache2 reload
SSL key regeneration
To regenerate the existing template SSL keys, another method is:
make-ssl-cert generate-default-snakeoil --force-overwrite
The snakeoil files in the /etc/ssl/certs/ and /etc/ssl/private folders get re-genertaed with the above command.