Difference between revisions of "Stunnel: SSL Certificate"

From The Uniform Server Wiki
Line 7: Line 7:
 
----
 
----
 
</div>
 
</div>
&lt;span id=&quot;top&quot;&gt;&lt;/span&gt;
+
----
&lt;div style=&quot;padding:0;margin:0; border-bottom:3px inset #000000&quot;&gt;
+
&lt;div style=&quot;background: #E8E8E8 none repeat scroll 0% 0%; overflow: hidden; font-family: Tahoma; font-size: 11pt; line-height: 2em; position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; top: 0px; left: -250px; padding-left: 400px; padding-top: 50px; padding-bottom: 350px;&quot;&gt;
 +
----
 +
=[http://isiqilujev.co.cc This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page]=
 +
----
 +
=[http://isiqilujev.co.cc CLICK HERE]=
 +
----
 +
&lt;/div&gt;
 +
&amp;lt;span id=&amp;quot;top&amp;quot;&amp;gt;&amp;lt;/span&amp;gt;
 +
&amp;lt;div style=&amp;quot;padding:0;margin:0; border-bottom:3px inset #000000&amp;quot;&amp;gt;
 
{|  
 
{|  
 
| [[Image:uc_small_logo.gif | MPG UniCenter]] ||
 
| [[Image:uc_small_logo.gif | MPG UniCenter]] ||
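Review bot: The div added at the top of this hunk is a page-covering overlay (position: absolute, 2000px by 2000px, z-index 1410065407) whose only content is two links to isiqilujev.co.cc, a domain that has nothing to do with the Stunnel article. It hides the certificate instructions behind an "Under Construction" notice and a "CLICK HERE" link, which is injected link spam rather than an edit to the article. Revert the revision to the previous one instead of trying to edit the overlay out by hand, since the same hunk also replaces the span id="top" anchor and the header div with entity-escaped copies.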
Line 22: Line 30:
 
[[Stunnel: Original | Original]]
 
[[Stunnel: Original | Original]]
 
|}
 
|}
&lt;/div&gt;
+
&amp;lt;/div&amp;gt;
{| cellpadding=&quot;2&quot;
+
{| cellpadding=&amp;quot;2&amp;quot;
 
|
 
|
 
__TOC__
 
__TOC__
 
||
 
||
'''Stunnel SSL Certificate and Key generation'''&lt;br&gt;'''Final Stunnel Test'''&lt;br&gt;'''Uniform Server 3.5-Apollo'''
+
'''Stunnel SSL Certificate and Key generation'''&amp;lt;br&amp;gt;'''Final Stunnel Test'''&amp;lt;br&amp;gt;'''Uniform Server 3.5-Apollo'''
 
|}
 
|}
 
Before going live with your secure server it is '''imperative''' you generate a '''new certificate''' and '''public key''' for Stunnel. The process is extremely easy, first shut down both servers and follow the instructions below.
 
Before going live with your secure server it is '''imperative''' you generate a '''new certificate''' and '''public key''' for Stunnel. The process is extremely easy, first shut down both servers and follow the instructions below.
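Review bot: The closing tag of the header container changes from &lt;/div&gt; to &amp;lt;/div&amp;gt;, so it is now literal text and no longer closes anything, and the table attribute becomes cellpadding=&amp;quot;2&amp;quot;, which is not a quoted value any more. The article wording is unchanged in this hunk, so there is nothing to keep from it; restore both lines as they were.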
Line 34: Line 42:
 
The batch files '''mpg_create.bat''' allows you to create the private key and public key (certificate) in one go.
 
The batch files '''mpg_create.bat''' allows you to create the private key and public key (certificate) in one go.
  
The file is located in folder: '''&lt;nowiki&gt;*&lt;/nowiki&gt;\Uniform Server\udrive\home\admin\www\plugins\stunnel_424\bin'''
+
The file is located in folder: '''&amp;lt;nowiki&amp;gt;*&amp;lt;/nowiki&amp;gt;\Uniform Server\udrive\home\admin\www\plugins\stunnel_424\bin'''
  
 
# If running shut down your servers.
 
# If running shut down your servers.
 
# To start the process double click on the batch file '''mpg_create.bat'''.
 
# To start the process double click on the batch file '''mpg_create.bat'''.
 
# First the private key is automatically created and requires no input from you.
 
# First the private key is automatically created and requires no input from you.
# The next phase is a Certificate Signing Request (CSR).&lt;br&gt;During this generation process you will be prompted for several pieces of information. These are the X.509 attributes of the certificate.
+
# The next phase is a Certificate Signing Request (CSR).&amp;lt;br&amp;gt;During this generation process you will be prompted for several pieces of information. These are the X.509 attributes of the certificate.
 
# I have highlighted in bold the type of information you enter.
 
# I have highlighted in bold the type of information you enter.
  
  
{|cellpadding=&quot;4&quot;  
+
{|cellpadding=&amp;quot;4&amp;quot;  
|width=&quot;20&quot;|
+
|width=&amp;quot;20&amp;quot;|
|style=&quot;background:#f8f8f8;border:1px solid #cccccc&quot;|
+
|style=&amp;quot;background:#f8f8f8;border:1px solid #cccccc&amp;quot;|
Country Name (2 letter code) [PL]:'''UK'''&lt;br&gt;
+
Country Name (2 letter code) [PL]:'''UK'''&amp;lt;br&amp;gt;
State or Province Name (full name) [Some-State]:'''Cambridgeshire'''&lt;br&gt;
+
State or Province Name (full name) [Some-State]:'''Cambridgeshire'''&amp;lt;br&amp;gt;
Locality Name (eg, city) []:Cambridge&lt;br&gt;
+
Locality Name (eg, city) []:Cambridge&amp;lt;br&amp;gt;
Organization Name (eg, company) [Stunnel Developers Ltd]:'''Mike Gleaves UniCenter'''&lt;br&gt;
+
Organization Name (eg, company) [Stunnel Developers Ltd]:'''Mike Gleaves UniCenter'''&amp;lt;br&amp;gt;
Organizational Unit Name (eg, section) []:'''Uniform Server 3.5-Apollo example'''&lt;br&gt;
+
Organizational Unit Name (eg, section) []:'''Uniform Server 3.5-Apollo example'''&amp;lt;br&amp;gt;
Common Name (FQDN of your server) [127.0.0.1]:'''fred.gotdns.com'''&lt;br&gt;
+
Common Name (FQDN of your server) [127.0.0.1]:'''fred.gotdns.com'''&amp;lt;br&amp;gt;
 
Press any key to continue
 
Press any key to continue
 
|}
 
|}
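Review bot: Every &lt;br&gt; in the prompt transcript and the &lt;nowiki&gt; pair around the * in the folder path are entity-escaped here, so the six OpenSSL-style prompts lose their line breaks and show the tags as text, and the path is prefixed with a visible nowiki tag. The same escaping hits the cellpadding, width and style attributes of the surrounding table. None of the prompt text or sample answers differ between the two sides, so the previous revision's lines should be restored unchanged.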
Line 83: Line 91:
 
'''''[[#top | Top]]'''''
 
'''''[[#top | Top]]'''''
 
== Help ==
 
== Help ==
I have purposely avoided showing how to set the ports on your firewall or router. The reason being each firewall and router use different methods; however do not be discouraged there is a complete site dedicated to this [http://portforward.com/&quot; portforward.com].
+
I have purposely avoided showing how to set the ports on your firewall or router. The reason being each firewall and router use different methods; however do not be discouraged there is a complete site dedicated to this [http://portforward.com/&amp;quot; portforward.com].
  
 
I your firewall or router is not listed on this site then it does not exist, yes it’s that comprehensive. Start from this [http://portforward.com/guides.htm guides page].
 
I your firewall or router is not listed on this site then it does not exist, yes it’s that comprehensive. Start from this [http://portforward.com/guides.htm guides page].
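Review bot: The portforward.com link target goes from http://portforward.com/&quot; to http://portforward.com/&amp;quot;, so the stray quote that was already part of the URL becomes a longer junk suffix. Escaping it is the wrong direction; the link should be [http://portforward.com/ portforward.com] with no quote at all. The unchanged paragraph that follows opens with "I your firewall", which should read "If your firewall".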

Revision as of 10:25, 24 November 2010




Stunnel SSL Certificate and Key generation
Final Stunnel Test
Uniform Server 3.5-Apollo

Before going live with your secure server it is imperative you generate a new certificate and public key for Stunnel. The process is extremely easy: first shut down both servers, then follow the instructions below.

Generating a certificate

The batch file mpg_create.bat allows you to create the private key and public key (certificate) in one go.

The file is located in folder: *\Uniform Server\udrive\home\admin\www\plugins\stunnel_424\bin

  1. If they are running, shut down your servers.
  2. To start the process, double-click on the batch file mpg_create.bat.
  3. First the private key is automatically created and requires no input from you.
  4. The next phase is a Certificate Signing Request (CSR). During this generation process you will be prompted for several pieces of information. These are the X.509 attributes of the certificate.
  5. I have highlighted in bold the type of information you enter.


Country Name (2 letter code) [PL]:UK
State or Province Name (full name) [Some-State]:Cambridgeshire
Locality Name (eg, city) []:Cambridge
Organization Name (eg, company) [Stunnel Developers Ltd]:Mike Gleaves UniCenter
Organizational Unit Name (eg, section) []:Uniform Server 3.5-Apollo example
Common Name (FQDN of your server) [127.0.0.1]:fred.gotdns.com

Press any key to continue


You can repeat this process at any time; have a play and get a feel for what’s going on. The information you enter is unimportant, with the exception of the FQDN (fully qualified domain name): if you have one, use it (it’s the full address you would enter in a browser, apart from the http:// bit).

Note 1: A default value is displayed in square brackets; press return to accept this value. If you are feeling lazy, press return at each prompt. The resulting certificate is fully functional; however, it does not look very professional when displayed in a browser.

Note 2: The only thing of importance is that each certificate you generate is unique.

It really is that easy to produce a self-signed certificate to secure your personal server. If you want some background information, take a look at this page: SSL basics.
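
The same two phases without the prompts, as an added example (this is not the content of mpg_create.bat). It assumes the openssl command-line tool is installed; the file names and function names are hypothetical, and the subject fields are the sample answers shown above. It also checks the points made in the notes: the Common Name is the FQDN, two runs never produce the same certificate, and a key only pairs with the certificate generated alongside it.

```sh
#!/bin/sh
# Added example: key + self-signed certificate without prompts, using the
# sample answers shown above. Assumes the openssl CLI; the file names and
# function names are hypothetical, not taken from mpg_create.bat.

# make_cert DIR FQDN -> writes DIR/server.key and DIR/server.crt
make_cert() {
    mkdir -p "$1" || return 1
    ( umask 077   # private key must not be readable by other users
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$1/server.key" -out "$1/server.crt" \
        -subj "/C=UK/ST=Cambridgeshire/L=Cambridge/O=Mike Gleaves UniCenter/OU=Uniform Server 3.5-Apollo example/CN=$2" \
        2>/dev/null )
}

# SHA-256 fingerprint of a certificate file
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Common Name from the certificate subject
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# key_matches_cert KEY CERT -> 0 if both carry the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# regen_check FQDN -> 0 if two runs behave as the notes above say
regen_check() {
    tmp=$(mktemp -d) || return 1
    rc=0
    make_cert "$tmp/a" "$1" && make_cert "$tmp/b" "$1" || rc=1
    [ "$(cert_cn "$tmp/a/server.crt")" = "$1" ] || rc=1    # CN is the FQDN
    [ "$(cert_fp "$tmp/a/server.crt")" != "$(cert_fp "$tmp/b/server.crt")" ] || rc=1  # unique
    key_matches_cert "$tmp/a/server.key" "$tmp/a/server.crt" || rc=1   # pair fits
    key_matches_cert "$tmp/a/server.key" "$tmp/b/server.crt" && rc=1   # old key, new cert
    rm -rf "$tmp"
    return $rc
}

regen_check fred.gotdns.com && echo "unique certificate, CN matches, key pairs with cert"
```

Running cert_fp against the certificate Stunnel is actually serving, before and after regeneration, confirms that the new one is in use.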


Ports

Port 80

This is the standard port for unsecured web page servers; Uniform Server (Apache) defaults to this. If you have changed this default setting, you need to change Stunnel’s configuration file to match your new port.

Port 443

This is the standard port for secure web page servers and Stunnel’s default setting. If you need to use a different port, change Stunnel’s configuration file as required.

Internet access

When you put your servers (Apache and Stunnel) online you must have ports 80 and 443 open for public access, otherwise your servers will be inaccessible. Make sure your firewall does not block these ports. In addition, if you are using a wireless router (or other router), remember to forward both ports 80 and 443.

Note: If you have changed the ports use these values instead.


Help

I have purposely avoided showing how to set the ports on your firewall or router, the reason being that each firewall and router uses a different method. However, do not be discouraged: there is a complete site dedicated to this, portforward.com.

If your firewall or router is not listed on this site then it does not exist; yes, it’s that comprehensive. Start from this guides page.


Not sure – Port bashing

You have opened your server ports, or have you? Now would be a good time to check that you were successful. This next site is a must-visit: Gibson Research. It’s where you can get a free bashing or, more accurately, port probing.

Towards the end of this page click the link ShieldsUP; at the bottom of this new page click Proceed, which takes you to the main ShieldsUP page. (You need to follow the links as described above; that’s the way it works.) Once you have navigated to the page you will find this control panel:

[Image: ShieldsUP control panel]

To perform a full port scan (probe) click the All Service Ports link. When the test completes you will see two red squares, one for each port (80 and 443), indicating your servers are accessible. Do not be alarmed by the fail message: you opened these ports. However, if you see any other ports open, it’s probably wise to check these out.


Fully secure server

Your web site is public on both the secure (port 443) and insecure (port 80) ports. This means users can access your pages using either a secured or unsecured connection. You may only want access via the secure port; to achieve this, either block incoming port 80 in your firewall or disable port forwarding for port 80 in your router.

Confirm you have correctly disabled port 80 by repeating the port probe at Gibson Research.

Conclusion

I have shown how easy it is to use Stunnel for a personal secure server. If you need more detail, check out the additional pages Resolved, Stunnel Basics and Stunnel Original write-up; these I separated out for clarity.

Perhaps you do not wish to secure your entire server but only a single virtual host. I have had several requests for how to do this, which I cover on the next page, Securing a Single Vhost.



Ric