I have several websites on which I want to install a self-signed SSL certificate. I tried following various guides, such as this one (all provided more or less the exact same instructions). The given instructions appear to be outdated security-wise, however. I will be the only one using SSL on the sites; people won't know HTTPS is enabled unless they dig for it.
For example, Chrome shows this information for my site, whereas this information is shown for ServerFault. How do I generate a proper, secure SSL/TLS certificate using current crypto standards? In case it matters, the server is running Ubuntu 14.10 Server and Apache 2.4.
Best Answer
I see two things immediately wrong.
The -sha256 switch in openssl should fix this. Here's an example set of switches: openssl req -new -newkey rsa:2048 -sha256
You might also want to check your SSL settings in Apache, specifically which algorithms are allowed. Turn off SSLv2/SSLv3 at least. If it's just you, I'd turn off everything less than TLSv1.2, and only select high-grade ciphers.
Here's an example pulled from an often-cited page (using \ to break the continuous string):
Edit: Either way, Chrome and Firefox are not going to react nicely to self-signed certificates unless you configure them (and/or your OS) to specifically trust the root CA that signed them.