Difference between revisions of "Howto GnuTLS"
(Created page with 'I've recently installed GnuTLS on a server. == Why? == GnuTLS is a free way of serving up secure sites (https). One very specific advantage is that it can host more than one ce…') |
(→How?) |
||
Line 21: | Line 21: | ||
# SSLCertificateFile /etc/apache2/ssl/dav.bristolwireless.net.pem | # SSLCertificateFile /etc/apache2/ssl/dav.bristolwireless.net.pem | ||
− | + | GnuTLSEnable on | |
− | + | GnuTLSCertificateFile /etc/apache2/ssl/ftp.bristolwireless.net.crt | |
− | + | GnuTLSKeyFile /etc/apache2/ssl/ftp.bristolwireless.net.key | |
− | + | GnuTLSPriorities NORMAL:!DHE-RSA:!DHE-DSS:!AES-256-CBC:%COMPAT | |
+ | |||
+ | Note here that |
Revision as of 16:49, 1 December 2010
I've recently installed GnuTLS on a server.
Why?
GnuTLS is a free way of serving up secure sites (https). One very specific advantage is that it can host more than one certificate on one IP address. Many pages on the internet will tell you that this is not possible. That's total BS.
How?
It's easy. The example here is for Debian Squeeze, assume you are using Apache2 as http server and already have it installed. For a recent install you will need to have the package libapache2-mod-gnutls.
apg-get install libapache2-mod-gnutls
You may also get it installed by another method. Now you can run Debian's special commands to enable/disable the correct modules in Apache2:
a2dismod ssl a2enmod gnutls
I'm assuming you don't want to keep the old ssl mod, it might well get in the way. So now you need to configure the https bit for you site. Here's an example config. Put it in
# SSLEngine on # SSLCertificateFile /etc/apache2/ssl/dav.bristolwireless.net.pem GnuTLSEnable on GnuTLSCertificateFile /etc/apache2/ssl/ftp.bristolwireless.net.crt GnuTLSKeyFile /etc/apache2/ssl/ftp.bristolwireless.net.key GnuTLSPriorities NORMAL:!DHE-RSA:!DHE-DSS:!AES-256-CBC:%COMPAT
Note here that