1

I have several websites on which I want to install a self-signed SSL certificate. I tried following various guides, such as this one (all provided more or less the exact same instructions). The given instructions appear to be outdated security-wise, however. I will be the only one using SSL on the sites; people won't know HTTPS is enabled unless they dig for it.

For example, Chrome shows this information for my site, whereas this information is shown for ServerFault. How do I generate a proper, secure SSL/TLS certificate using current crypto standards? In case it matters, the server is running Ubuntu 14.10 Server and Apache 2.4.

Community
  • 1
vaindil
  • 107
  • 1
  • 10

1 Answers1

3

I see two things immediately wrong.

  1. You have a certificate for *.example.com, but you're accessing the site as https://example.com. A wildcard certificate won't be accepted for a parent domain. Either access it via https://www.example.com, or make a new certificate.
  2. You're using a SHA1 hash for the cert. This is considered bad. the -sha256 switch in openssl should fix this. Here's an example set of switches: openssl req -new -newkey -sha256 rsa:2048

You might also want to check your SSL settings in Apache, specifically which algorithms are allowed. Turn off SSLv2/SSLv3 at least. If it's just you, I'd turn off everything less than TLSv1.2, and only select high-grade ciphers.

Here's an example pulled from an often-cited page (\ to break the continuous string):

SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128: \
   DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

Edit: Either way, Chrome and Firefox are not going to react nicely to self-signed certificates unless you configure them (and/or your OS) to specifically trust the root CA that signed them.

Hyppy
  • 15,608
  • 1
  • 38
  • 59
  • 1
    While you are essentially right about SHA-1 vs. SHA-256 it does not matter in case of a self-signed certificate, because the client will not check the signature. Instead it will either use explicitly this certificate as trusted as it is or worse it will simply disable all certificate checks when expecting a self-signed certificate. And even if it would check the signature even the best signature could not protect against replacing a self-signed certificate with another self-signed certificate. – Steffen Ullrich Mar 30 '15 at 16:32
  • I generated the new key and disabled the outdated cryptography, and now [Chrome is complaining slightly less](http://i.stack.imgur.com/EKeaK.png). I know that I have to manually trust the certficates; I'm fine with that (I'm only using the encryption for a few small things that I will use, public visitors to my site won't use/need it). It seems that OpenSSL isn't generating files with current cryptography. The cert information says the Version is V3, the Signature algorithm is sha256RSA, Signature hash algorithm is sha256, public key is RSA (4096 Bits), and Thumbprint algorithm is sha1. – vaindil Mar 31 '15 at 15:26