A few words about terms. You may be aware of SSL and TLS. According to wiki SSL 3.0 is predecessor of TLS 1.0. It may be allowed to say that TLS is SSL 3.1. US Government has already prohibited using of SSL in their sensitive communications. SSL is old and have a lot of vulnerabilities. It’s believed that TLS is more secure than SSL. Ok, let’s get down to work..
- genrsa - generate a rsa key
- -aes128 - the key will be protected byt AES-128
- -out fd.key - the name of output file name of key
- 2048 - size of the key.
Creating Certificate Signing Requests
With having the key now let’s create CSR file. This file will have all sensitive information
##Signing Your Own Certificates
Now you can sign your CSR file:
If you don’t want to create CSR file as a single step use following command:
Answer all questions as you wish, but when it asks
Common Name (e.g. server FQDN or YOUR name) input the name that you point out in apache
I’m using for my apps apache as a web server. Here are steps to setup it to use SSL. First of all we need to disable a key password.
Check if we get rid of a password:
openssl rsa -text -in fd.key.
fd.crt to Ubuntu Trust Store
For using SSL apache has a module for this. Let’s enable it:
Now we have to re-write our
And now final step
If you want to run your RoR app in ssl mode add
force_ssl to your application controller.
If you’re using
devise force it to use ssl as well. Add these lines to
The post was written before Let’s Encrypt came out, but I still think it contains useful information about certificates.