SSL certificate

From Tuxunix



Self-signed SSL certificate

  • openssl genrsa -out server.key 1024
03:51 root@tuxedo /tmp $ openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..........++++++
..++++++
e is 65537 (0x10001)
  • openssl req -new -x509 -days 365 -key server.key -out server.crt
03:51 root@tuxedo /tmp $ openssl req -new -x509 -days 365 -key server.key -out server.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [FR]:FR
State or Province Name (full name) [Some-State]:France
Locality Name (eg, city) []:Vicheres
Organization Name (eg, company) [Internet Widgits Pty Ltd]:No company
Organizational Unit Name (eg, section) []:No section
Common Name (eg, YOUR name) []:*.tuxedo.fr
Email Address []:pierre@tuxedo.fr

Apache2 configuration

<VirtualHost *:443>
...
#SSL
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
...
</VirtualHost>

SSL V3

Edit the virtualhost so that it contains the following lines (the SSLProtocol line is new, and +SSLv2 in the cipher suite becomes +SSLv3):

#SSL
SSLEngine On
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key


Verifying SSL V3

#> openssl s_client -connect localhost:443
SSL handshake has read 1495 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 1EC1ED86D7F363E15D7A0CE8297B2F5B1358A6CFCAEE9BEF5848406A04090679
    Session-ID-ctx:
    Master-Key:  CE1133258E0B99B14AF0141E239A818095A6E7A27A74C5E102B6D9338F8B155E1A25056F28249D8627AC97B87A6F25A0 
    Key-Arg   : None
    Start Time: 1280849648
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
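As an added example (not from this page), the same two openssl steps run non-interactively with -subj, followed by the checks a practitioner wants before pointing the Apache directives above at the files: the subject CN, the self-signed status (the same condition s_client reports as verify return code 18), and that server.key actually pairs with server.crt. The scratch directory WORK and the 2048-bit key size are assumptions (1024-bit RSA is below current recommendations).

```shell
#!/bin/sh
# Added example, not from the Tuxunix page: the page's two openssl steps run
# non-interactively, followed by checks on the files Apache will be given.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # assumed scratch directory

gen_selfsigned() {
    # 2048 bits instead of the page's 1024 (1024-bit RSA is below current
    # recommendations); -subj answers the DN prompts with the page's values.
    openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key "$WORK/server.key" \
        -out "$WORK/server.crt" \
        -subj "/C=FR/ST=France/L=Vicheres/O=No company/OU=No section/CN=*.tuxedo.fr/emailAddress=pierre@tuxedo.fr"
}

cert_cn() {
    # Subject CN, the name a client will match against the requested host.
    openssl x509 -in "$WORK/server.crt" -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

is_self_signed() {
    # Same condition s_client reports as "Verify return code: 18": with no
    # trusted CA for this certificate, verification stops at the cert itself.
    openssl verify "$WORK/server.crt" 2>&1 | grep -q 'error 18'
}

key_matches_cert() {
    # SSLCertificateFile and SSLCertificateKeyFile must carry the same modulus;
    # a mismatch is the usual reason Apache refuses to start after a cert swap.
    [ "$(openssl x509 -in "$WORK/server.crt" -noout -modulus)" = \
      "$(openssl rsa -in "$WORK/server.key" -noout -modulus)" ]
}

gen_selfsigned
echo "CN: $(cert_cn)"
is_self_signed && echo "self-signed (expected for this setup)"
key_matches_cert && echo "key and certificate match"
```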