Commit 4461ba35 authored by Dr. Martin Goik's avatar Dr. Martin Goik

Additiona tibs creating own CA to be used for signing

parent 97c77cc3
......@@ -132,48 +132,67 @@
<section xml:id="sdiApacheSsl">
<title>SSL / <xref linkend="glo_TLS"/> Support</title>
<para>SSL may be enabled by adding self-signed certificates. However a
more clever approach involves:</para>
<para><xref linkend="glo_SSL"/> may be enabled by adding self-signed
certificates. However a more clever approach involves:</para>
<orderedlist>
<listitem>
<para>Create a certificate authority (CA) prior to generating any
SSL certificates.</para>
<xref linkend="glo_SSL"/> certificates.</para>
</listitem>
<listitem>
<para>Import this CA to any client accessing your SSL host.</para>
<para>Import this CA to any client accessing your <xref
linkend="glo_SSL"/> host.</para>
</listitem>
<listitem>
<para>Creating an SSL certificate for any desired service.</para>
<para>Create an <xref linkend="glo_SSL"/> certificate for any
desired service.</para>
</listitem>
</orderedlist>
<para>The following docs may help you:</para>
<itemizedlist>
<listitem>
<para><link
xlink:href="https://httpd.apache.org/docs/2.4/ssl">Apache SSL/TLS
Encryption</link></para>
</listitem>
<listitem>
<para><link
xlink:href="http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority">Creating
Your Own SSL Certificate Authority (and Dumping Self Signed
Certs)</link></para>
</listitem>
</itemizedlist>
<tip>
<para>Using SSL with Apache requires the activation of the
corresponding module. The Ubuntu version of Apache comes with a two
command <command>a2enmod</command> and <command>a2dismod</command> to
enable or disable modules. This will affect the creation of symbolic
links from <filename>/etc/apache2/mods-enabled</filename> to
<filename>/etc/apache2/mods-available</filename>.</para>
<itemizedlist>
<listitem>
<para>Using <xref linkend="glo_SSL"/> with Apache requires the
activation of the corresponding module. The <xref
linkend="glo_Ubuntu"/> version of Apache comes with two commands
<command>a2enmod</command> and <command>a2dismod</command> for
enabling and disabling modules by managing symbolic links from
<filename>/etc/apache2/mods-enabled</filename> to
<filename>/etc/apache2/mods-available</filename>.</para>
</listitem>
<listitem>
<para><link
xlink:href="https://httpd.apache.org/docs/2.4/ssl">Apache SSL/TLS
Encryption</link></para>
</listitem>
<listitem>
<para><link
xlink:href="http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority">Creating
Your Own SSL Certificate Authority (and Dumping Self Signed
Certs)</link></para>
</listitem>
<listitem>
<para>The previously linked recipe may fail for
<productname>Google Chrome</productname> being pickier about
certificates than <acronym>i.e.</acronym> the <productname>Firefox
browser</productname>. Consider <link
xlink:href="https://stackoverflow.com/questions/30977264/subject-alternative-name-not-present-in-certificate#answer-47779814">stackoverflow.com</link>
for providing a <quote>Subject Alternative Name</quote> extension
when creating your certificate signing request. The subsequent
certificate creation may require a <code>keyUsage =
nonRepudiation, digitalSignature, keyEncipherment</code>
configuration as being proposed by <link
xlink:href="https://superuser.com/questions/1451895/err-ssl-key-usage-incompatible-solution#answer-1466427">superuser.com</link>.</para>
</listitem>
</itemizedlist>
</tip>
</section>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment