linux_wiki:ssl_certificates

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
linux_wiki:ssl_certificates [2015/10/04 00:41]
billdozor created 		linux_wiki:ssl_certificates [2019/05/25 23:50] (current)
Line 6: Line 6:
  
 **Checklist** **Checklist**
-  * Distro: Enterprise Linux 6+  * Distro(s): Enterprise Linux 6
   * Webserver: Apache or Nginx   * Webserver: Apache or Nginx
  
Line 58: Line 58:
   * Copy the received certificate to the web server   * Copy the received certificate to the web server
   * Update web server's ssl config file   * Update web server's ssl config file
-    * Apache: /etc/httpd/conf.d/ssl.conf +    * Apache: /etc/httpd/conf.d/ssl.conf<code bash>SSLEngine on
-      * <code bash>SSLEngine on+
 SSLCertificateFile /etc/httpd/conf/certs/MYSITE.crt SSLCertificateFile /etc/httpd/conf/certs/MYSITE.crt
 SSLCertificateKeyFile /etc/httpd/conf/certs/MYSITE.key SSLCertificateKeyFile /etc/httpd/conf/certs/MYSITE.key
 SSLCertificateChainFile /etc/httpd/conf/certs/MY-CA.crt</code> SSLCertificateChainFile /etc/httpd/conf/certs/MY-CA.crt</code>
-    * Nginx: /<nginx-root>/conf/nginx.conf +    * Nginx: /<nginx-root>/conf/nginx.conf<code bash>
-      * <code bash>+
 ssl  on; ssl  on;
 ssl_certificate      /<nginx-root>/conf/certs/MYSITE.crt; ssl_certificate      /<nginx-root>/conf/certs/MYSITE.crt;
Line 70: Line 68:
 ssl_client_certificate /<nginx-root>/conf/certs/MY-CA.crt;</code> ssl_client_certificate /<nginx-root>/conf/certs/MY-CA.crt;</code>
   * Test Config Syntax   * Test Config Syntax
-    * Apache +    * Apache<code bash>apachectl configtest</code> 
-      * <code bash>apachectl configtest</code> +    * Nginx<code bash>nginx -t</code>
-    * Nginx +
-      * Nginx will test for a valid config file when the master process receives the "reload" signal(in the next step). If it is valid, the new config will be used, if not, the old config continues to be used.+
   * Reload Config File (graceful restart)   * Reload Config File (graceful restart)
-    * Apache +    * Apache<code bash>apachectl graceful</code> 
-      * <code bash>apachectl graceful</code> +      * Alternative<code bash>kill -SIGUSR1 <httpd-root-pid></code> 
-      * Alternative +    * Nginx<code bash>/<nginx-root>/sbin/nginx -s reload</code> 
-        * <code bash>kill -SIGUSR1 <httpd-root-pid></code> +  * Verify new certs<code bash>openssl s_client -connect MYSITE:443 | openssl x509 -text | grep Not</code> 
-    * Nginx +
-      * <code bash>/<nginx-root>/sbin/nginx -s reload</code> +
-  * Verify new certs +
-    * <code bash>openssl s_client -connect MYSITE:443 | openssl x509 -text | grep Not</code>+
  • linux_wiki/ssl_certificates.1443933671.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)