Generating SSL Certificate in DAB Appliances

From Proxmox VE
Jump to navigation Jump to search

Introduction

If the Makefile for DAB has:

dab install apache2-mpm-prefork apache2

then all SSL related files will have been installed like the ssl-cert package which now has the make-ssl-cert program.

This article describes ways to generate the SSL certificates for maintaining uniqueness amongst cloned VMs or for those that have none.

Console TextGUI method

One such easy and simple method using a console TextGUI is shown below:

make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem 

Private/Public Key pair method

Another method using a Private/Public Key pair is achieved by:

cd /etc/ssl/private
openssl genrsa 1024 > mysite.pem
cd /etc/ssl/certs
openssl req -new -key ../private/mysite.pem -x509 -days 9999 -out mysite.pem
/etc/init.d/apache2 reload

SSL key regeneration

To regenerate the existing template SSL keys, another method is:

make-ssl-cert generate-default-snakeoil --force-overwrite

The snakeoil files in the /etc/ssl/certs/ and /etc/ssl/private folders get re-genertaed with the above command.