Let's create a new certificate for Expedition!
First we need to create a CSR to be signed by an external CA. Copy the stanza below and edit it for your Expedition's settings. Save it as req.conf.
expedition@Expedition:~$ mkdir ssl && cd ssl
expedition@Expedition:~/ssl$ vi req.conf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
C = US
ST = OR
L = Portland
O = RiceCasa
OU = Tooling
CN = expedition.example.com

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = expedition.example.com
DNS.2 = expedition
IP.1 = 10.1.0.34
With the req.conf configured, create the CSR:
expedition@Expedition:~/ssl$ openssl req -new -out expedition.csr -newkey rsa:2048 -nodes -sha256 -keyout expedition.key -config req.conf
Generating a 2048 bit RSA private key
..................................................+++
........+++
writing new private key to 'expedition.key'
-----
expedition@Expedition:~/ssl$ ls -l
total 20
drwxrwxr-x 2 expedition expedition 4096 Apr 1 11:49 ./
drwxr-xr-x 6 expedition expedition 4096 Apr 1 11:49 ../
-rw-rw-r-- 1 expedition expedition 1167 Apr 1 11:49 expedition.csr
-rw-rw-r-- 1 expedition expedition 1704 Apr 1 11:49 expedition.key
-rw-rw-r-- 1 expedition expedition 386 Apr 1 11:48 req.conf
expedition@Expedition:~/ssl$
Copy the content of expedition.csr and submit it to your CA:
expedition@Expedition:~/ssl$ more expedition.csr
-----BEGIN CERTIFICATE REQUEST-----
..... removed .....
-----END CERTIFICATE REQUEST-----
Get that signed, and save the signed cert as expedition.crt.
Change the permissions of the private key:
expedition@Expedition:~/ssl$ chmod 400 expedition.key
Move the key and certificate to the proper locations:
expedition@Expedition:~/ssl$ sudo mv expedition.key /etc/ssl/private/
expedition@Expedition:~/ssl$ sudo mv expedition.crt /etc/ssl/certs/
Edit Apache's config:
expedition@Expedition:~/ssl$ sudo vi /etc/apache2/sites-enabled/default-ssl.conf
Find these lines:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Edit them to:
SSLCertificateFile /etc/ssl/certs/expedition.crt
SSLCertificateKeyFile /etc/ssl/private/expedition.key
Restart Apache:
expedition@Expedition:~/ssl$ sudo service apache2 restart
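A check worth running in ~/ssl before the files are moved and Apache is restarted: confirm that the certificate the CA returned carries the public key of expedition.key and still lists the hostnames from req.conf. This is an added example, not part of the original post; the function names are hypothetical, and make_sample builds a throwaway self-signed certificate as a constructed stand-in for the CA-signed one so the checks can be tried offline.

```shell
#!/bin/sh
# Added example: pre-install checks for the CA-signed certificate.

# Succeeds only if the certificate's public key is the one in the private key.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if NAME is an exact DNS entry in subjectAltName.
cert_has_dns_san() {  # usage: cert_has_dns_san CERT NAME
    openssl x509 -in "$1" -noout -text |
        sed -n '/X509v3 Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed 's/^[[:space:]]*//' |
        grep -Fxq "DNS:$2"
}

# Constructed sample: a self-signed certificate stands in for the CA-signed
# expedition.crt, plus an unrelated key to show the mismatch case.
make_sample() {  # usage: make_sample DIR
    cat > "$1/req.conf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = expedition.example.com
[v3_req]
subjectAltName = DNS:expedition.example.com, DNS:expedition, IP:10.1.0.34
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 1 \
        -config "$1/req.conf" -keyout "$1/expedition.key" \
        -out "$1/expedition.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Script use: sh check_cert.sh expedition.crt expedition.key expedition.example.com
if [ "$#" -eq 3 ]; then
    if cert_matches_key "$1" "$2" && cert_has_dns_san "$1" "$3"; then
        echo "OK: $1 matches $2 and lists DNS:$3"
    else
        echo "FAIL: key mismatch or DNS:$3 missing from subjectAltName" >&2
        exit 1
    fi
fi
```

A mismatch here usually means the CA signed a different CSR or dropped the requested subjectAltName entries, either of which would otherwise only surface as an Apache start failure or a browser name warning.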