    • RE: SSL Configuration

      (Make a backup of your system and run all commands as root 😉)

      Create new certificates and keys and refer to them later.

      So you can at least create the hostname to match the certificate.

      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/idoit-company-local.key -out /etc/ssl/certs/idoit-company-local.crt
      

      Activate SSL module of Apache

      a2enmod ssl
      

      Adjust Default SSL Configuration

      Reasons for adjustment

      • listen to all hostnames
      • Correct Server Admin
      • own logs for SSL connections
      • Include your own generated certificates
      • directory /var/www/html run all configurations to customize themselves

      root@idoit:/etc/apache2/sites-available# git diff default-ssl.conf
      diff --git a/apache2/sites-available/default-ssl.conf b/apache2/sites-available/default-ssl.conf
      index 7e37a9c..00eb69a 100644
      --- a/apache2/sites-available/default-ssl.conf
      +++ b/apache2/sites-available/default-ssl.conf
      @@ -1,6 +1,6 @@
       <IfModule mod_ssl.c>
      -       <VirtualHost _default_:443>
      -               ServerAdmin webmaster@localhost
      +       <VirtualHost *:443>
      +               ServerAdmin admin@company.com
      
                      DocumentRoot /var/www/html
      
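      Review bot: with the switch to <VirtualHost *:443> the visible lines set no ServerName, so this vhost answers for every hostname while the certificate generated earlier carries a single name. Consider adding a ServerName line under ServerAdmin that matches the name entered when the certificate was created, so the hostname users type and the certificate agree.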
      @@ -10,8 +10,9 @@
                      # modules, e.g.
                      #LogLevel info ssl:warn
      
      -               ErrorLog ${APACHE_LOG_DIR}/error.log
      -               CustomLog ${APACHE_LOG_DIR}/access.log combined
      +               ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
      +               CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined
      +               Loglevel warn
      
                      # For most configuration files from conf-available/, which are
                      # enabled or disabled at a global level, it is possible to
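      Review bot: the added directive is spelled Loglevel, while the commented example in the context above it uses LogLevel; Apache accepts either spelling, but matching the documented casing keeps the file consistent and easy to grep. It would also read better placed next to the #LogLevel comment it relates to rather than after the CustomLog line.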
      @@ -29,8 +30,8 @@
                      #   /usr/share/doc/apache2/README.Debian.gz for more info.
                      #   If both key and certificate are stored in the same file, only the
                      #   SSLCertificateFile directive is needed.
      -               SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
      -               SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
      +               SSLCertificateFile      /etc/ssl/certs/idoit-company-local.crt
      +               SSLCertificateKeyFile /etc/ssl/private/idoit-company-local.key
      
                      #   Server Certificate Chain:
                      #   Point SSLCertificateChainFile at a file containing the
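      Review bot: SSLCertificateKeyFile now points at a key that was generated with -nodes, so it is stored unencrypted and the file mode is its only protection. Confirm that /etc/ssl/private/idoit-company-local.key is owned by root and not readable by group or other, and record that the certificate was created with -days 365 and has to be replaced within a year.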
      @@ -127,6 +128,10 @@
                      # BrowserMatch "MSIE [2-6]" \
                      #               nokeepalive ssl-unclean-shutdown \
                      #               downgrade-1.0 force-response-1.0
      +               <Directory /var/www/html>
      +                       AllowOverride All
      +                       Require all granted
      +               </Directory>
      
              </VirtualHost>
       </IfModule>
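      Review bot: AllowOverride All in the new <Directory /var/www/html> block lets any .htaccess file under the document root override server configuration, which is broader than most applications need. If only specific overrides are required, list those classes instead (for example AllowOverride FileInfo AuthConfig Limit), and check whether Require all granted can be narrowed to the networks that actually use the service.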
      

      Activate Default SSL Configuration

      a2ensite default-ssl
      

      Restart Apache

      systemctl restart apache2
      
      posted in Operating
      proofy
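
Added example, not part of proofy's post: a check to run between editing default-ssl.conf and restarting Apache, confirming that the configured certificate and key exist, belong together, are not the snakeoil pair, and that the unencrypted key is not readable by group or other. The function names are hypothetical; it assumes GNU `stat` and the `openssl` CLI as found on Debian.

```bash
#!/usr/bin/env bash
# Added example: checks to run on default-ssl.conf before "systemctl restart apache2".

# Print the argument of the first uncommented occurrence of an Apache directive.
directive_path() {            # usage: directive_path <Directive> <conf-file>
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# Succeed only if the key file exists and has no group/other permission bits.
key_is_private() {            # usage: key_is_private <key-file>
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeed only if the certificate and the private key carry the same public key.
cert_matches_key() {          # usage: cert_matches_key <cert-file> <key-file>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Record one finding: print it and bump the counter used as return status.
finding() { echo "$1"; findings=$((findings + 1)); }

# Print one line per finding; the return status is the number of findings.
check_vhost_tls() {           # usage: check_vhost_tls <conf-file>
    findings=0
    cert=$(directive_path SSLCertificateFile "$1")
    key=$(directive_path SSLCertificateKeyFile "$1")
    case "$cert $key" in *snakeoil*) finding "snakeoil pair still configured" ;; esac
    [ -f "$cert" ] || finding "certificate '$cert' not found"
    key_is_private "$key" || finding "key '$key' missing or accessible to group/other"
    # The remaining checks need the openssl CLI and both files on disk.
    if command -v openssl >/dev/null 2>&1 && [ -f "$cert" ] && [ -f "$key" ]; then
        cert_matches_key "$cert" "$key" || finding "certificate and key do not belong together"
        openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
            finding "certificate expires within 30 days"
    fi
    return "$findings"
}

# Run against a file when one is given, e.g. /etc/apache2/sites-available/default-ssl.conf
if [ "$#" -gt 0 ]; then check_vhost_tls "$1"; fi
```

A non-zero exit status means at least one finding was printed; fix those before running `systemctl restart apache2`.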