Self

Am 29.5.2014 wurde ein neues Zertifikat für www.ulm.ccc.de (alternative names: ulm.ccc.de, jabber.ulm.ccc.de) nach dieser Anleitung generiert:

SHA1 Fingerprint: 6F:2C:23:D0:3E:3F:A6:AE:D3:39:FD:6B:5B:5B:F3:2E:C6:AB:F4:C1
MD5 Fingerprint: 4C:C4:D2:17:38:A5:CB:D4:F5:71:D9:A8:B0:8A:7B:50

Alternative DNS-Namen sind in /etc/apache2/ssl/openssl.cnf konfiguriert

root@dontpanic:/etc/apache2/ssl# openssl genrsa -out www.ulm.ccc.de.key 4096
Generating RSA private key, 4096 bit long modulus
........................++
................................................++
e is 65537 (0x10001)
root@dontpanic:/etc/apache2/ssl# openssl req -new -key www.ulm.ccc.de.key -out www.ulm.ccc.de.csr -config openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:DE
Locality Name (eg, city) []:Ulm
Organizational Unit Name (eg, section) []:CCC Erfa Ulm
Common Name (eg, YOUR name) []:www.ulm.ccc.de
Email Address []:mail@ulm.ccc.de
root@dontpanic:/etc/apache2/ssl# openssl x509 -req -days 3650 -in www.ulm.ccc.de.csr -signkey www.ulm.ccc.de.key \
-out www.ulm.ccc.de.crt -extensions v3_req -extfile openssl.cnf
Signature ok
subject=/C=DE/L=Ulm/OU=CCC Erfa Ulm/CN=www.ulm.ccc.de/emailAddress=mail@ulm.ccc.de
Getting Private key
root@dontpanic:/etc/apache2/ssl# openssl x509 -in www.ulm.ccc.de.crt -noout -fingerprint -sha1
SHA1 Fingerprint=6F:2C:23:D0:3E:3F:A6:AE:D3:39:FD:6B:5B:5B:F3:2E:C6:AB:F4:C1
root@dontpanic:/etc/apache2/ssl# openssl x509 -in www.ulm.ccc.de.crt -noout -fingerprint -md5
MD5 Fingerprint=4C:C4:D2:17:38:A5:CB:D4:F5:71:D9:A8:B0:8A:7B:50
root@dontpanic:/etc/apache2/ssl#

/etc/apache2/sites-enabled/ulm.ccc.de-ssl wurde entsprechend angepasst.