Looking as if I’ll be using some self-signed certs for development purposes (and perhaps for some online game work) so I’m going to write up the process to keep it readily accessible here.<\/p>\n\n\n\n
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \/etc\/ssl\/private\/apache-selfsigned.key -out \/etc\/ssl\/certs\/apache-selfsigned.crt <\/code><\/strong><\/li>- In
\/etc\/apache2\/conf-available<\/code><\/strong> create ssl-params.conf <\/strong><\/code>
use<\/li><\/ul>\n\n\n\nSSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\nSSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\nSSLHonorCipherOrder On\n# Disable preloading HSTS for now. You can use the commented out header line that includes\n# the \"preload\" directive if you understand the implications.\n# Header always set Strict-Transport-Security \"max-age=63072000; includeSubDomains; preload\"\nHeader always set X-Frame-Options DENY\nHeader always set X-Content-Type-Options nosniff\n# Requires Apache >= 2.4\nSSLCompression off\nSSLUseStapling on\nSSLStaplingCache \"shmcb:logs\/stapling-cache(150000)\"\n# Requires Apache >= 2.4.11\nSSLSessionTickets Off<\/code><\/pre>\n\n\n\n
sudo cp \/etc\/apache2\/sites-available\/default-ssl.conf \/etc\/apache2\/sites-available\/default-ssl.conf.bak <\/code><\/strong><\/li> sudo emacs \/etc\/apache2\/sites-available\/default-ssl.conf <\/code><\/strong><\/li>- Edited
\/etc\/apache2\/sites-available\/default-ssl.conf<\/code><\/strong> to enable the new cert and to update ServerAdmin <\/code><\/strong>and add ServerName<\/code><\/strong><\/li>- Did not set redirect at
\/etc\/apache2\/sites-available\/000-default.conf <\/code><\/strong>
as I expect this dev machine to respond to either http or https requests.<\/li>- Firewall checks and updates:
sudo ufw app list
sudo ufw status
sudo ufw allow 'Apache Full'
sudo ufw enable<\/code><\/strong><\/li>- Enable appropriate apache modules
sudo a2enmod ssl
sudo a2enmod headers<\/li> - and perhaps virtual hosts
sudo a2ensite default-ssl
sudo a2enconf ssl-params
sudo apache2ctl configtest
sudo systemctl restart apache2
<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"Looking as if I’ll be using some self-signed certs for development purposes (and perhaps for some online game work) so I’m going to write up the process to keep it readily accessible here. sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \/etc\/ssl\/private\/apache-selfsigned.key -out \/etc\/ssl\/certs\/apache-selfsigned.crt In \/etc\/apache2\/conf-available create ssl-params.conf use sudo cp \/etc\/apache2\/sites-available\/default-ssl.conf \/etc\/apache2\/sites-available\/default-ssl.conf.bak … Continue reading Create a Self Signed Certificate<\/span>