Nessun risultato. Prova con un altro termine.
Guide
Notizie
Software
Tutorial

Apache e SSL - II

Come configurare Apache per la gestione di connessioni protette con SSL: creazione dei certificati
Come configurare Apache per la gestione di connessioni protette con SSL: creazione dei certificati
Link copiato negli appunti

Generiamo innanzitutto la chiave privata, che verrà salvata in chiaro su filesystem (proteggere quindi in lettura: 400 root root). Da questa verrà poi ricavata la chiave pubblica (si ricordi che, invece, il viceversa non è a tutt'oggi realisticamente percorribile).

su -
cd /etc/apache2/
openssl genrsa -out server.key 1024

Generiamo ora il CSR daproteggere in lettura con permessi impostati a 400.

openssl req -new -key server.key -out server.csr

Il sistema ci chiederà di inserire alcune informazioni (in rosso nell'esempio):

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IT
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []: Verona
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []: www.mio_server.com
Email Address []: marco@mycompany.it

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []: 

Infine auto-firmiamo il file server.csr ottenuto dalla procedura di sopra e proteggiamo in lettura il file server.crt

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Visionando in chiaro il file appena creato:

openssl x509 -text -in server.crt

otterremo:

Certificate:
    Data:
       Version: 1 (0x0)
       Serial Number:
           89:94:00:87:d5:39:29:36
       Signature Algorithm: sha1WithRSAEncryption
       Issuer: C=IT, L=Verona, O=MyCompany, CN=www.mio_server.com/emailAddress=marco@mycompany.it
       Validity
           Not Before: Jan  9 12:12:47 2007 GMT
           Not After : Jan  9 12:12:47 2008 GMT
       Subject: C=IT, L=Verona, O=MyCompany, CN=www.mio_server.com/emailAddress=marco@mycompany.it
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
           RSA Public Key: (1024 bit)
               Modulus (1024 bit):
                   00:a0:80:b6:60:1d:79:75:d1:7f:e5:de:ca:02:e0:
                   a4:77:16:8f:fe:79:8c:b2:ea:32:b4:f4:a6:d9:28:
                   df:55:dd:da:63:1b:e9:c0:c9:e3:2d:23:e5:59:c7:
                   3d:c4:df:67:f5:cb:91:12:cb:96:2b:b2:fa:58:bd:
                   c0:3f:16:15:08:e8:c7:8c:cf:5c:63:de:d4:0e:1b:
                   dc:fc:c6:10:45:3d:1a:65:e5:77:b8:36:3e:8e:c8:
                   42:b3:9e:cb:61:22:63:e8:1f:e9:3d:59:c4:ba:42:
                   3f:e2:35:db:f3:22:8d:b3:1f:a5:c5:6f:8b:8c:f5:
                   37:58:6b:25:17:b3:4d:89:27
               Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
       96:2e:75:75:82:22:c5:79:9c:f3:60:0f:19:43:97:89:06:8a:
       be:5d:47:75:4c:28:00:41:65:a8:8b:e4:71:5a:79:07:24:eb:
       e8:2e:8b:1c:56:c9:d9:56:ff:de:d7:a6:a0:69:56:81:c6:1a:
       d9:53:0b:40:5a:78:70:3c:cc:f2:c5:c0:0f:af:47:18:ff:97:
       0e:eb:ec:eb:ff:22:ea:a6:ac:87:54:51:e2:83:c1:36:2c:8b:
       a4:95:fc:76:a2:d2:1a:5e:af:d3:7c:d9:fb:21:e7:c9:6e:f3:
       d6:52:99:46:fb:31:13:d7:df:24:33:bb:5a:1e:ff:e4:ef:92:
       32:82
-----BEGIN CERTIFICATE-----
MIICWzCCAcQCCQCJlACH1TkpNjANBgkqhkiG9w0BAQUFADByMQswCQYDVQQGEwJJ
VDEPMA0GA1UEBxMGVmVyb25hMRIwEAYDVQQKEwlNeUNvbXBhbnkxGzAZBgNVBAMU
End3dy5taW9fc2VydmVyLmNvbTEhMB8GCSqGSIb3DQEJARYSbWFyY29AbXljb21w
YW55Lml0MB4XDTA3MDEwOTEyMTI0N1oXDTA4MDEwOTEyMTI0N1owcjELMAkGA1UE
BhMCSVQxDzANBgNVBAcTBlZlcm9uYTESMBAGA1UEChMJTXlDb21wYW55MRswGQYD
VQQDFBJ3d3cubWlvX3NlcnZlci5jb20xITAfBgkqhkiG9w0BCQEWEm1hcmNvQG15
Y29tcGFueS5pdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoIC2YB15ddF/
5d7KAuCkdxaP/nmMsuoytPSm2SjfVd3aYxvpwMnjLSPlWcc9xN9n9cuREsuWK7L6
WL3APxYVCOjHjM9cY97UDhvc/MYQRT0aZeV3uDY+jshCs57LYSJj6B/pPVnEukI/
4jXb8yKNsx+lxW+LjPU3WGslF7NNiScCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCW
LnV1giLFeZzzYA8ZQ5eJBoq+XUd1TCgAQWWoi+RxWnkHJOvoLoscVsnZVv/e16ag
aVaBxhrZUwtAWnhwPMzyxcAPr0cY/5cO6+zr/yLqpqyHVFHig8E2LIuklfx2otIa
Xq/TfNn7IefJbvPWUplG+zET198kM7taHv/k75Iygg==
-----END CERTIFICATE-----


Ti consigliamo anche