Linux/OpenSSL: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
keine Bearbeitungszusammenfassung
Thomas (Diskussion | Beiträge) Keine Bearbeitungszusammenfassung |
Thomas (Diskussion | Beiträge) Keine Bearbeitungszusammenfassung |
||
| Zeile 1: | Zeile 1: | ||
=Quelle= | =Self-signed Zertifikat= | ||
==Quelle== | |||
http://christopher.wojno.com/articles/2008/11/04/going-ssl-with-your-own-root-ca und http://christopher.wojno.com/articles/2008/11/08/creating-your-own-apache-ssl-certificate-signed-by-your-root-ca | http://christopher.wojno.com/articles/2008/11/04/going-ssl-with-your-own-root-ca und http://christopher.wojno.com/articles/2008/11/08/creating-your-own-apache-ssl-certificate-signed-by-your-root-ca | ||
=Vorbereitung= | ==Vorbereitung== | ||
mkdir /root/ca | mkdir /root/ca | ||
chmod 700 /root/ca | chmod 700 /root/ca | ||
| Zeile 11: | Zeile 13: | ||
chmod 700 private | chmod 700 private | ||
=Root/CA-Zertifikat erstellen= | ==Root/CA-Zertifikat erstellen== | ||
cd /root/ca | cd /root/ca | ||
openssl genrsa -out private/cakey.pem -des3 2048 | openssl genrsa -out private/cakey.pem -des3 2048 | ||
| Zeile 19: | Zeile 21: | ||
chmod 0660 serial.srl | chmod 0660 serial.srl | ||
=Server-Zertifikat erstellen (z.B. für Apache, Postfix, IMAP)= | ==Server-Zertifikat erstellen (z.B. für Apache, Postfix, IMAP)== | ||
cd /root/ca | cd /root/ca | ||
openssl genrsa -out www.pem 2048 | openssl genrsa -out www.pem 2048 | ||
| Zeile 26: | Zeile 28: | ||
openssl x509 -req -days 3659 -in www.csr -CA certs/cacert.crt -CAkey private/cakey.pem -CAserial serial.srl -out www.crt | openssl x509 -req -days 3659 -in www.csr -CA certs/cacert.crt -CAkey private/cakey.pem -CAserial serial.srl -out www.crt | ||
=Server-Zertifikat in Apache einbinden= | ==Server-Zertifikat in Apache einbinden== | ||
cd /root/ca | cd /root/ca | ||
cp certs/cacert.crt /etc/apache2/ssl/ | cp certs/cacert.crt /etc/apache2/ssl/ | ||
| Zeile 39: | Zeile 41: | ||
SSLCertificateChainFile /etc/apache2/ssl/cacert.crt | SSLCertificateChainFile /etc/apache2/ssl/cacert.crt | ||
=Server-Zertifikat in Postfix einbinden= | ==Server-Zertifikat in Postfix einbinden== | ||
cd /root/ca | cd /root/ca | ||
cp certs/cacert.crt /etc/postfix/ | cp certs/cacert.crt /etc/postfix/ | ||
| Zeile 52: | Zeile 54: | ||
smtpd_tls_CAfile = /etc/postfix/cacert.crt | smtpd_tls_CAfile = /etc/postfix/cacert.crt | ||
=Server-Zertifikat in uw-imap einbinden= | ==Server-Zertifikat in uw-imap einbinden== | ||
cd /root/ca | cd /root/ca | ||
cat www.pem >/etc/ssl/certs/imapd.pem | cat www.pem >/etc/ssl/certs/imapd.pem | ||
cat www.crt >>/etc/ssl/certs/imapd.pem | cat www.crt >>/etc/ssl/certs/imapd.pem | ||
chmod 600 /etc/ssl/certs/imapd.pem | chmod 600 /etc/ssl/certs/imapd.pem | ||