| Excerpt |
|---|
Derscripes howto setup a webserver for file exchange in a Bit Repository system. |
Apache2
Install Apache2, mod_ssl and mod_dav if not pre-installed.
...
Setup the SSL site (on debian /etc/apache2/sites-available/default-ssl) to use the relevant keys and certificates (see Create self signed certificate):
| Code Block |
|---|
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
SSLCACertificateFile /path/to/ca.crt
SSLVerifyClient require
SSLVerifyDepth 10
|
...
References:
Apache SSL/TLS Encryption
Apache Module mod_dav
Lighttpd
Enabling upload (WebDAV):
...
References:
Configuring SSL
Redirecting HTTP to HTTPS
Create self signed certificate
| Anchor | ||||
|---|---|---|---|---|
|
$ openssl genrsa -out server.key 1024 # Generate server private key
$ openssl req -new -key server.key \
-out server.csr # Create Certifiserverte Signing Request
- For HTTPS servers remember to put the
- server FQDN in the CN.
$ openssl x509 -req -days 10000 \
-in server.csr \
-out server.crt \
-signkey server.key # Create self-signed certifiserverte
Creating a certificate authority for test
| No Format |
|---|
$ mkdir /path/to/ca/ # CA root
$ mkdir /path/to/ca/ca.db.certs # Signed certificates
$ touch /path/to/ca/ca.db.index # Index of signed certificates
$ echo 01 > /path/to/ca/ca.db.serial # Next (sequential) serial number
$ cp ca.conf /path/to/ca/ # Configuration file (see below)
$ cd /path/to/ca
$ openssl genrsa -out ca.key 1024 # Generate CA private key
$ openssl req -new -key ca.key \
-out ca.csr # Create Certificate Signing Request
$ openssl x509 -req -days 10000 \
-in ca.csr \
-out ca.crt \
-signkey ca.key # Create self-signed certificate
|
...