Howto GnuTLS

From HacktionLab: A UK-wide network tech-activists providing meet-ups, events, workshops, national skillshare gatherings and hacklabs
Revision as of 16:48, 1 December 2010 by Gremble (talk | contribs) (Created page with 'I've recently installed GnuTLS on a server. == Why? == GnuTLS is a free way of serving up secure sites (https). One very specific advantage is that it can host more than one ce…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

I've recently installed GnuTLS on a server.

Why?

GnuTLS is a free way of serving up secure sites (https). One very specific advantage is that it can host more than one certificate on one IP address. Many pages on the internet will tell you that this is not possible. That's total BS.

How?

It's easy. The example here is for Debian Squeeze, assume you are using Apache2 as http server and already have it installed. For a recent install you will need to have the package libapache2-mod-gnutls. 

apg-get install libapache2-mod-gnutls

You may also get it installed by another method. Now you can run Debian's special commands to enable/disable the correct modules in Apache2: 

a2dismod ssl
a2enmod gnutls

I'm assuming you don't want to keep the old ssl mod, it might well get in the way. So now you need to configure the https bit for you site. Here's an example config. Put it in 

#    SSLEngine on
#    SSLCertificateFile /etc/apache2/ssl/dav.bristolwireless.net.pem 

	GnuTLSEnable on
       GnuTLSCertificateFile /etc/apache2/ssl/ftp.bristolwireless.net.crt
       GnuTLSKeyFile /etc/apache2/ssl/ftp.bristolwireless.net.key
	GnuTLSPriorities NORMAL:!DHE-RSA:!DHE-DSS:!AES-256-CBC:%COMPAT
Retrieved from ‘https://hacktionlab.org/index.php?title=Howto_GnuTLS&oldid=3362