Enable Ssl On Ubuntu

Enable SSL on Ubuntu

Secure Sockets Layer (SSL) is a security feature that many websites offer, allowing them to accept and protect sensitive information while it transmits over the Internet. Ubuntu was originally designed as a server operating system, and though it is much more robust now, you can still use it in a server capacity. You can secure an Ubuntu server using SSL, whether it is storing information or running your Web page.

Instructions serial && touch index.txt

6. Create your sample certificate configuration file. Create a file named “~/myCA/caconfig.cnf” in a text editor. According to the Ubuntu community documentation, insert the following information into the caconfig.cnf file.

# My sample caconfig.cnf file.

#

# Default configuration to use when one is not provided on the command line.

#

[ ca ]

default_ca = local_ca

#

#

# Default location of directories and files needed to generate certificates.

#

[ local_ca ]

dir = /home//myCA

certificate = $dir/cacert.pem

database = $dir/index.txt

new_certs_dir = $dir/signedcerts

private_key = $dir/private/cakey.pem

serial = $dir/serial

#

#

# Default expiration and encryption policies for certificates.

#

default_crl_days = 365

default_days = 1825

default_md = md5

#

policy = local_ca_policy

x509_extensions = local_ca_extensions

#

#

# Default policy to use when generating server certificates. The following

# fields must be defined in the server certificate.

#

[ local_ca_policy ]

commonName = supplied

stateOrProvinceName = supplied

countryName = supplied

emailAddress = supplied

organizationName = supplied

organizationalUnitName = supplied

#

#

# x509 extensions to use when generating server certificates.

#

[ local_ca_extensions ]

subjectAltName = DNS:alt.tradeshowhell.com

basicConstraints = CA:false

nsCertType = server

#

#

# The default root certificate generation policy.

#

[ req ]

default_bits = 2048

default_keyfile = /home//myCA/private/cakey.pem

default_md = md5

#

prompt = no

distinguished_name = root_ca_distinguished_name

x509_extensions = root_ca_extensions

#

#

# Root Certificate Authority distinguished name. Change these fields to match

# your local environment!

#

[ root_ca_distinguished_name ]

commonName = MyOwn Root Certificate Authority

stateOrProvinceName = NC

countryName = US

emailAddress = root@tradeshowhell.com

organizationName = Trade Show Hell

organizationalUnitName = IT Department

#

[ root_ca_extensions ]

basicConstraints = CA:true

Personalize the information in the file, such as your username, your email and the organization. The instructions in the caconfig.cnf help you adjust the fields that need it.

7. Create your certificate. Use this command to generate the Certificate Authority Root Certificate and Key:

export OPENSSL_CONF=~/myCA/caconfig.cnf

Then generate the CA certificate for the server by inputting this command in the terminal:

openssl req -x509 -newkey rsa:2048 -out cacert.pem -outform PEM -days 1825

and enter your password or passphrase.


READ  Samsung Captivate Document Editor Tutorial