Search results “Iis 6 ssl certificate renewal 2048 bitcoin”
Create self signed certificates with Subject Alternative Names
This video explains how to create a self signed certificate with Subject Alternative Names (SAN). A certificate with Subject Alternative Names is a single certificate supporting multiple Common Names (CN), for example: - mobilefish.com - sand.mobilefish.com - baidu.com - china.com This means this single certificate can be used in multiple URLs: - https://mobilefish.com - https://sand.mobilefish.com - https://baidu.com - https://china.com Chrome browsers will issue a warning if your SSL certificate does not specify Subject Alternative Names. This video assumes that you have installed OpenSSL. More information how to install and use OpenSSL:https://www.openssl.org To check if your system has OpenSSL installed, type: openssl version -a The procedure to create self signed certificates with Subject Alternative names is also documented at: https://www.mobilefish.com/developer/apache/apache_quickguide_install_macos_sierra.html Warning: Never use self signed certificates in production environments. It is okay to use it in development or testing environments. 1. Create a 2048 bit Certificate Authority (CA) private key: sudo openssl genrsa -out privkey.pem 2048 The CA private key is created: privkey.pem 2. Create a self signed CA certificate: sudo openssl req -new -x509 -days 3650 -nodes -key privkey.pem -sha256 -out ca.pem 3. Create a 2048 bit Certificate Authority (CA) certificate: Country Name (2 letter code) [AU]:NL State or Province Name (full name) [Some-State]:Noord-Holland Locality Name (eg, city) []:Zaandam Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mobilefish.com CA The CA certificate is created: ca.pem 4. Create a server configuration file (server.csr.cnf). Example: https://www.mobilefish.com/download/openssl/sand.mobilefish.csr.cnf.txt Download and modify the server configuration file according to your situation. [dn] C=NL ST=Zaandam L=Noord-Holland O=End Point OU=Research and development [email protected] CN = sand.mobilefish.com 5. Create a server Certificate Signing Request (CSR) and server private key. sudo openssl req -new -nodes -out server.csr -keyout server.key -config server.csr.cnf The server CSR is created: server.csr The server private key is created: server.key 6. Create a server extension file (server_v3.ext). Example: https://www.mobilefish.com/download/openssl/sand.mobilefish_v3.ext.txt Modify the server extension file according to your situation. Add Subject Alternative Names: [alt_names] DNS.1 = sand.mobilefish.com DNS.2 = proxy.mobilefish.com In the sever configuration file (server.csr.cnf) I have used “CN = sand.mobilefish.com". This common name must be mentioned as one of the Subject Alternative Names. 7. Create the server certificate: sudo openssl x509 -req -in server.csr -CA ca.pem -CAkey privkey.pem -CAcreateserial -out server.crt -days 3650 -extfile server_v3.ext  The server certificate is created: server.crt The serial number file is created: ca.srl Each issued certificate must contain a unique serial number assigned by the CA. It must be unique for each certificate given by a given CA. OpenSSL keeps the used serial numbers on a file. The server certificate (server.crt) and server private key (server.key) are the two files you need to install on your server (Apache web server, proxy server). Always keep the private keys secure: - CA private key (privkey.pem) - Server private key (server.key) Recap We have created our own Certificate Authority (root certificate). But this CA is not trusted by our system. Next our CA has created a certificate with SAN. Trusted CA’s such as Comodo and GoDaddy are trusted because their root certificates are already imported in our system. In YouTube video “Geth supporting SSL using reverse proxy server” I will be using this self signed certificate to setup a reverse proxy server accessible by: https://proxy.mobilefish.com. Check out all my other Ethereum related tutorial videos: https://goo.gl/eNJVXe Subscribe to my YouTube channel: https://goo.gl/61NFzK The presentation used in this video tutorial can be found at: http://www.mobilefish.com/developer/blockchain/blockchain_quickguide_ethereum_related_tutorials.html #mobilefish #howto #ethereum
Views: 10144 Mobilefish.com
HAProxy inconsistencies between private key and certificate loaded from PEM file
HAProxy inconsistencies between private key and certificate loaded from PEM file http://fosshelp.blogspot.in/2016/11/how-to-create-pem-file-for-haproxy.html 1 Generate a unique private key KEY $sudo openssl genrsa -out mydomain.key 2048 Note: Content in this file start with -----BEGIN RSA PRIVATE KEY----- 2 Generating a Certificate Signing Request CSR $sudo openssl req -new -key mydomain.key -out mydomain.csr Note: Content in this file start with -----BEGIN CERTIFICATE REQUEST----- 3 Creating a Self-Signed Certificate CRT $openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key -out mydomain.crt Note: Content in this file start with -----BEGIN CERTIFICATE----- 4 Append KEY and CRT to mydomain.pem $sudo bash -c 'cat mydomain.key mydomain.crt /etc/ssl/private/mydomain.pem' Note: This pem file contains 2 sections certificates, one start with -----BEGIN RSA PRIVATE KEY----- and another one start with -----BEGIN CERTIFICATE----- 5 Specify PEM in haproxy config $ sudo vim /etc/haproxy/haproxy.cfg listen haproxy bind ssl crt /etc/ssl/private/mydomain.pem mode http option http-server-close option forwardfor reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Port:\ 443 option forwardfor if-none balance roundrobin option abortonclose server check inter 10s rise 2 fall 3 ssl verify none 6 Restart haproxy $ sudo service haproxy restart
Views: 600 ATOM
setup openssl website  on ubuntu server
$ sudo a2enmod ssl $ sudo service apache2 restart $ mkdir /etc/apache2/ssl $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt $ nano /etc/apache2/sites-available/default-ssl.conf $ sudo a2ensite default-ssl.conf $ service apache2 restart
Views: 1192 Sofan Wahyudi
How to generate sha256 hash self-signed certificate using openssl
Openssl(version0.9.7h and later) supports sha256, but by default it uses sha1 algorithm for signing. In this tutorial we shall see how to generate a digital x509 certificate with sha256 digest algorithm. By the by did i tell you that sha1 is already broken! Check out the complete How-to article : http://techglimpse.com/sha256-hash-certificate-openssl/
Views: 13551 Gaargi S