<loading/>
HOME = . RANDFILE = $ENV::HOME/.rnd #################################################################### [ ca ] default_ca = CA_default #################################################################### [ CA_default ] dir = /ca/RootCA certs = $dir/ca.db.certs database = $dir/ca.db.index new_certs_dir = $dir/ca.db.certs certificate = $dir/root-ca.crt serial = $dir/ca.db.serial private_key = $dir/root-ca.key RANDFILE = $dir/.rand x509_extensions = usr_cert name_opt = ca_default cert_opt = ca_default default_days = 365 default_crl_days = 30 default_md = sha256 preserve = no policy = policy_match unique_subject = yes #################################################################### [ policy_match ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional #################################################################### [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional #################################################################### [ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca string_mask = pkix #################################################################### [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = US countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = State localityName = Locality Name (eg, city) localityName_default = City 0.organizationName = Organization Name (eg, company) 0.organizationName_default = Organization 1.organizationName = Second Organization Name (eg, company) 1.organizationName_default = Second Organization organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = Organizational Unit commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 #################################################################### [ req_attributes ] #################################################################### [ usr_cert ] basicConstraints = CA:FALSE nsComment = "OpenSSL Generated Certificate" subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always #################################################################### [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment #################################################################### [ v3_ca ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always basicConstraints = CA:true #################################################################### [ crl_ext ] authorityKeyIdentifier = keyid:always,issuer:always
authorityKeyIdentifier = keyid,issuer basicConstraints = CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /var/www/html
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Options -Indexes
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^.*$ ./index.php
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
sudo su cd / mkdir ca cd ca mkdir RootCA chmod 700 RootCA openssl genrsa -des3 -out RootCA/root-ca.key 2048 openssl req -config openssl.conf -new -x509 -days 3650 -key RootCA/root-ca.key -out RootCA/root-ca.crt openssl x509 -noout -text -in RootCA/root-ca.crt mkdir RootCA/ca.db.certs chmod 700 RootCA/ca.db.certs touch RootCA/ca.db.serial chmod 700 RootCA/ca.db.serial echo "01" > RootCA/ca.db.serial touch RootCA/ca.db.index chmod 700 RootCA/ca.db.index touch RootCA/ca.db.rand chmod 700 RootCA/ca.db.rand perl -e 'print int(rand(90)+10);' > RootCA/ca.db.rand
