You are here

ssl

Ivan Radovanovic's picture

Importing SSL certificates into Mono store

Run cert-sync --user /etc/ssl/cert.pem. Omit --user to synchronize for entire system (note that this installs them in /usr/share/.mono rather than /usr/local/share/.mono).

Without this you might be experiencing errors like "Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED" or similar

Ivan Radovanovic's picture

Configuring web server with intermediate SSL certificates

If you received intermediate certificates and you need to install them you should simply concatenate them in one file in reversed trust delegating order. So if trust is delegated like this:

root -> intermediate1 -> intermediate2 -> your-site

in pem file certificates should be in this order:

Ivan Radovanovic's picture

Interesting security related read

Can be found here - BetterCrypto.org and ECRYPT II

Ivan Radovanovic's picture

Manually trusting certificate in Chromium

To manually trust single certificate do
certutil -A -d sql:$HOME/.pki/nssdb -t P -n description -i cert_file

To add new trusted CA do
certutil -A -d sql:$HOME/.pki/nssdb -t CT -n description -i cert_file

Ivan Radovanovic's picture

Creating certificate request with OpenSSL

It can be done like this

openssl req -new -newkey rsa:2048 -nodes -keyout certificate.key -out certificate.csr

Ivan Radovanovic's picture

Enable ssl on apache2

a2enmod ssl

Ivan Radovanovic's picture

Extracting private key and certificate from pfx file

To extract private key:

  • openssl pkcs12 -in file.pfx -nocerts -out pk.pem
  • openssl rsa -in pk.pem -out key.pem

To extract certificate:

  • openssl pkcs12 -in file.pfx -clcerts -nokeys -out cert.pem
Subscribe to RSS - ssl