You may have done this: ssh-keygen and ssh-copy-id, and now you want to enable SSL. With Eric Amberg's "Linux-Server" book and "Converting keys between openssl and openssh", this is what I have done so far:
Even though this took me a while, I did it the first time, it was important because now I can secure a lot of my connections, e.g. postfixadmin with roundcube and dovecot in the background ;)
- local: "scp MYKEY root@remote.server:~"
After this it's just remote:
- "a2enmod ssl"
- "mkdir /etc/apache2/ssl"
- "openssl req -x509 -days 365 -new -key MYKEY -out /etc/apache2/ssl/nedab.de.pem" and make sure you use a wildcard domain as common name, e.g. *.common.com. That way your certificate is valid for all subdomains.
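- "a2enmod alias" (the Redirect directive used in the virtualhost comes from mod_alias; Apache has no module named redirect)
- virtualhost in /etc/apache2/sites-available, with help from "Redirect Request to SSL":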
<VirtualHost *:80>
    ServerName ..........
    Redirect permanent / https://........../
</VirtualHost>

<VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM
    SSLCertificateFile /etc/apache2/ssl/........pem
    SSLCertificateKeyFile /etc/apache2/ssl/MYKEY
    ServerName .......
    DocumentRoot /var/www/html/ssl
    #CustomLog "/var/log/httpd/one-access.log" combined
    #ErrorLog "/var/log/httpd/one-error.log"
    #Redirect permanent http://....... https://.........
    # <IfModule mod_rewrite.c>
    #   RewriteEngine On
    #   RewriteCond %{HTTPS} off
    #   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    # </IfModule>
    <Directory /var/www/html/ssl>
        AllowOverride none
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>
- "a2ensite YOURHOST"
- "service apache2 restart"
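An added example, not part of the original post: a pre-flight check for the certificate steps above, assuming OpenSSL 1.1.1 or newer; the function names and the domain example.test are made up for illustration. It builds the certificate with a subjectAltName, because current browsers match hostnames against that extension rather than the common name, and confirms that certificate, key and hostname fit together before Apache is restarted.

```sh
#!/bin/sh
# Added example; example.test and all file names are constructed placeholders.
# KEY must be PEM. A key in the newer OpenSSH format ("BEGIN OPENSSH PRIVATE
# KEY") must be converted first: ssh-keygen -p -m PEM -f KEY (rewrites in place).

# make_cert KEY CERT DOMAIN: self-signed cert for DOMAIN and *.DOMAIN.
# -addext needs OpenSSL 1.1.1 or newer.
make_cert() {
    openssl req -x509 -new -days 365 -key "$1" -out "$2" \
        -subj "/CN=*.$3" -addext "subjectAltName=DNS:*.$3,DNS:$3" 2>/dev/null
}

# cert_matches_key CERT KEY: true when both carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# has_san CERT: true when the cert has a subjectAltName extension.
has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'Subject Alternative Name'
}

# covers_host CERT HOST: true when OpenSSL's hostname check accepts HOST.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# key_is_private KEY: true when group and others have no access to the file.
key_is_private() {
    case $(ls -ld "$1" 2>/dev/null) in -???------*) return 0 ;; esac
    return 1
}

# preflight CERT KEY HOST: run all checks and report the first failure.
preflight() {
    cert_matches_key "$1" "$2" || { echo "cert and key differ"; return 1; }
    has_san "$1"               || { echo "no subjectAltName"; return 1; }
    covers_host "$1" "$3"      || { echo "cert does not cover $3"; return 1; }
    key_is_private "$2"        || { echo "key readable by others"; return 1; }
    echo "ok"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Called with a certificate, its key and a hostname, the script prints "ok" or the first failed check. A wildcard entry covers exactly one label, so a.b.example.test is rejected, and the bare domain is covered only because it is listed separately in the subjectAltName.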