Changes between Version 5 and Version 6 of SystemAdministration/Security/TLS


Ignore:
Timestamp:
12/02/15 11:30:03 (8 years ago)
Author:
Sander Maijers
Comment:
  • FIX: Order of nginx ssl_certificate. * ENHANCE: Add instructions for testing https given SNI.

Legend:

Unmodified
Added
Removed
Modified

  • SystemAdministration/Security/TLS

    v5 v6  
    11= Creating a TLS certificate
    2 == Bundle for `ssl_certificate` (root, intermediate, site)
     2== Bundle for `nginx`'s `ssl_certificate` (site, intermediate, root)
    33{{{
    44#!sh
     
    77printf '\n' > 'newline' &&
    88## Concatenate certificates in this order for Nginx
    9 cat 'clarin.eu/cert/GeoTrustGlobalCA.cer' 'newline' 'clarin.eu/cert/RapidSSLSHA256CA-G3.cer' 'newline' 'clarin.eu/cert/wildcard-clarin-eu.cer' 'newline' > 'bundle.cer'
     9cat 'clarin.eu/cert/wildcard-clarin-eu.cer' 'newline' 'clarin.eu/cert/RapidSSLSHA256CA-G3.cer' 'newline' 'clarin.eu/cert/GeoTrustGlobalCA.cer' 'newline' > 'bundle.cer'
    1010dos2unix 'bundle.cer'
    1111}}}
    1212
    13 == Bundle for `ssl_trusted_certificate` (root, intermediate)
     13== Bundle for `nginx`'s `ssl_trusted_certificate` (root, intermediate)
    1414
    1515{{{
     
    2222dos2unix 'trusted_bundle.cer'
    2323}}}
     24
     25== Testing connectivity to an HTTPS web server that uses Server Name Indication
     26If you have e.g. a Docker container listening on 127.0.0.1, port 443, issue:
     27{{{
     28#!sh
     29curl -v --resolve 'infra.clarin.eu:443:127.0.0.1' 'https://infra.clarin.eu'
     30}}}