ssl

Lets Encrypt

LetsEncrypt
On CentOS 7, enable the optional channel for the EPEL repository:

yum -y install yum-utils
yum -y install epel-release

Then install certbot:

yum install certbot

Pound as SSL proxy
Edit /usr/local/etc/pound.cfg to redirect Certbot verifications:

Pound SSL Proxy

https://secwise.nl/lets-encrypt-certifcates-and-pound-load-balancer/

SSL Encryption
Create a private key to encrypt a site:

mkdir -p ~/.ssl/pound
cd ~/.ssl/pound

Generate an RSA private key for the server:

openssl genrsa -out server.key 2048

Then create the Certificate Signing Request file, or CSR.

Technology:

Self-Signed SSL Certificates

A self-signed certificate is an identity certificate that is signed by its own creator, rather than paying a certified third-party to sign it.

Instructions adapted from http://www.tc.umn.edu/~brams006/selfsign.html.

Rather than paying for an SSL certificate from a signing authority, we'll use a self-signed certificate to provide encryption in Apache. The client's web browser will prompt them to whether the certificate should be accepted or not - if that is going to be a problem, then you'll need to get a certificate from a recognized signing authority.

Create a directory, readable only by root to hold our working files:

mkdir ~/cert
chmod 600 ~/cert
cd ~/cert

Technology:

SSL with Lighttpd

Use SSL encryption on your Lighttpd webserver.

Lighttpd installation
Lighttpd needs to be configured and compiled with SSL enabled:

./configure --with-openssl
make
make install

After lighty has been installed, you can confirm that it has been compiled with ssl enabled:

lighttpd -v

SSL Configuration

Technology:

Secure Drupal login

Make Drupal encrypt your login with SSL.

Technology:

Port 465

An SSL-encrypted SMTP service so your users can send mail through your server without passing clear-text passwords across the network.

Set up the service directory, download John Simpson's SMTP run script, and set it's permissions:

cd /var/service
mkdir -m 1755 smtp-ssl
cd smtp-ssl
wget http://qmail.jms1.net/scripts/service-qmail-smtpd-run
mv service-qmail-smtpd-run run
chmod 700 run

Edit /var/service/smtp-ssl/run and set the appropriate options:

IP=
PORT=465
SSL=1

Technology:

SSL Encryption

Secure communication with your web server by using self-signed SSL certificates.

The typical method of enabling SSL encryption in Apache is to use mod_ssl. A downside of that approach is that SSL does not work with name-based Virtual Hosts (Why can't I use SSL with name-based/non-IP-based virtual hosts?).

Technology:

Subscribe to RSS - ssl

Recent Updates

  • 9 months 2 weeks ago
  • 9 months 2 weeks ago
  • 9 months 2 weeks ago
    php 8.x
  • 9 months 2 weeks ago
    10.6.7
  • 9 months 2 weeks ago
    Drop Centos 5/6 stuff