SSL - andreydiveev/wiki GitHub Wiki
secp256k1: https://jameshfisher.com/2017/04/14/openssl-ecc.html https://bitcoin.stackexchange.com/questions/56680/openssl-generate-bitcoin-address
Creating a private key:
# openssl genrsa -des3 -out private.key 2048
Creating .csr request file from a private key:
# openssl req -new -key private.key -out protoplan.pro.csr
Show info of a .csr request file:
# openssl req -noout -text -in protoplan.pro.csr
Removing passphrase from private key:
# openssl rsa -in server.key -out nopassword.key
Structure of .pem
*Note: adding a key in a file does not necessarily.
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: certChainCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: root.crt)
-----END CERTIFICATE-----
Creating .pem
# cat sitename_com.crt intermediate_pem_thawte_sslwebserver_ev_1.crt root_pem_thawte_sslwebserver_ev_1.crt > sitename.com.pem
# chmod 644 sitename.com.pem
Adding .pem:
# cp sitename.com.pem /etc/ssl/certs/sitename.com.pem
Adding a private key:
# cp private.key /etc/ssl/private/private.key
Configuring nginx virtual host:
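server {
    # Port 80 must be listened on for the http -> https redirect below to ever match
    listen 80;
    listen 443 ssl;
    # Assumed host name, matching the certificate file names used above
    server_name sitename.com;
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
    # TLS is enabled by "listen 443 ssl"; the obsolete "ssl on;" directive would also force TLS on port 80
    ssl_certificate /etc/ssl/certs/sitename.com.pem;
    ssl_certificate_key /etc/ssl/private/private.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    # No "ALL" keyword: it would enable every cipher suite, weak ones included
    ssl_ciphers "EECDH+aRSA+AESGCM:EDH+aRSA+AESGCM:EECDH+aRSA+AES:EDH+aRSA+AES";
    ssl_prefer_server_ciphers on;
}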
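Verify certificate (only the first certificate in the file is checked, against the system trust store)
# openssl verify sitename.com.pem
Inspect intermediate certificate (prints its fields; this does not validate anything)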
# openssl x509 -noout -text -in intermediate_pem_thawte_sslwebserver_ev_1.crt
Verify root and intermediate certificates
# openssl verify -CAfile root_pem_thawte_sslwebserver_ev_1.crt intermediate_pem_thawte_sslwebserver_ev_1.crt
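
A pre-deployment check for the key, bundle and chain built above, as an added example that is not part of the original wiki page. The function names are this example's own, and it goes slightly beyond the page's verify commands by also checking that the key matches the certificate and that the bundle is in the order shown under "Structure of .pem".

```shell
#!/bin/sh
# Added example: checks to run on the files from this page before reloading nginx.
# Function names are hypothetical (this example's own); file names are the caller's.

# Succeeds if private key $2 belongs to the first certificate in $1.
# An encrypted key (genrsa -des3) makes openssl ask for the passphrase.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if leaf $1 chains to root $3 through intermediate $2.
# "openssl verify bundle.pem" reads only the first certificate in the file,
# so the intermediate has to be supplied separately with -untrusted.
chain_verifies() {
    openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
}

# Succeeds if bundle $1 holds no private key (the bundle is installed mode 644).
bundle_has_no_key() {
    ! grep -q 'PRIVATE KEY-----' "$1"
}

# Succeeds if every certificate in bundle $1 names the next one as its issuer
# (server certificate first). This compares names only; chain_verifies checks signatures.
bundle_in_order() {
    dir=$(mktemp -d) || return 1
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/" n ".pem")}' "$1"
    i=1; bad=0
    [ -f "$dir/1.pem" ] || bad=1
    while [ -f "$dir/$((i + 1)).pem" ]; do
        iss=$(openssl x509 -in "$dir/$i.pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        sub=$(openssl x509 -in "$dir/$((i + 1)).pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        [ "$iss" = "$sub" ] || bad=1
        i=$((i + 1))
    done
    rm -rf "$dir"
    return "$bad"
}
```

Typical use is `key_matches_cert sitename.com.pem private.key && bundle_in_order sitename.com.pem` before reloading nginx.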