ssl

Let's Encrypt

LetsEncrypt
On CentOS 7, enable the optional channel for the EPEL repository:

yum -y install yum-utils
yum -y install epel-release

Then install certbot:

yum install certbot

Pound as SSL proxy
Edit /usr/local/etc/pound.cfg to redirect Certbot verifications:

Pound SSL Proxy

https://secwise.nl/lets-encrypt-certifcates-and-pound-load-balancer/

Certbot
Install certbot

yum -y install certbot

Enable automatic renewals:

systemctl start certbot-renew.timer

Create a web directory for the web challenges:

Self-Signed SSL Certificates

A self-signed certificate is an identity certificate that is signed by its own creator, rather than by a certified third party that is paid to sign it.

Instructions adapted from http://www.tc.umn.edu/~brams006/selfsign.html.

Rather than paying for an SSL certificate from a signing authority, we'll use a self-signed certificate to provide encryption in Apache. The client's web browser will prompt them to decide whether the certificate should be accepted or not - if that is going to be a problem, then you'll need to get a certificate from a recognized signing authority.

Create a directory, readable only by root, to hold our working files:

mkdir ~/cert
chmod 700 ~/cert
cd ~/cert


SSL with Lighttpd

Use SSL encryption on your Lighttpd webserver.

Lighttpd installation
Lighttpd needs to be configured and compiled with SSL enabled:

./configure --with-openssl
make
make install

After lighty has been installed, you can confirm that it has been compiled with SSL enabled:

lighttpd -v

SSL Configuration


Secure Drupal login

Make Drupal encrypt your login with SSL.


Port 465

An SSL-encrypted SMTP service so your users can send mail through your server without passing clear-text passwords across the network.

Set up the service directory, download John Simpson's SMTP run script, and set its permissions:

cd /var/service
mkdir -m 1755 smtp-ssl
cd smtp-ssl
wget http://qmail.jms1.net/scripts/service-qmail-smtpd-run
mv service-qmail-smtpd-run run
chmod 700 run

Edit /var/service/smtp-ssl/run and set the appropriate options:

IP=
PORT=465
SSL=1


SSL Encryption

Secure communication with your web server by using self-signed SSL certificates.

The typical method of enabling SSL encryption in Apache is to use mod_ssl. A downside of that approach is that SSL does not work with name-based Virtual Hosts (Why can't I use SSL with name-based/non-IP-based virtual hosts?).
