SSL
openssl certificate + key generation
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/http2.pem -keyout /etc/ssl/private/http2.pem Country Name: PT Country Name (2 letter code) [XX]:PT State or Province Name (full name) []:State Locality Name (eg, city) [Default City]:City Organization Name (eg, company) [Default Company Ltd]:example Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:*.example.org Email Address []:user@example.org
Check https connection
openssl s_client -connect wiki.bitarus.allowed.org:443
Multiple SSL nginx
http://nginx.org/en/docs/http/configuring_https_servers.html
Multiple SSL Apache
https://wiki.apache.org/httpd/NameBasedSSLVHosts
As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port.
It is acceptable to use a single SSL configuration for several virtual hosts. In particular, this will work if the SSL certificate applies to all the virtual hosts. For example, this will work if:
All the VirtualHosts are within the same domain, eg: one.example.com and two.example.com. You have a wildcard SSL certificate for that domain (one where the Common Name begins with an asterix: i.e *.example.com)
Encrypt and decrypt with openssl + rsa keypair + base64
1 # generate rsa key pair
2 openssl genrsa -out private.pem 2048
3 # export public key
4 openssl rsa -in private.pem -outform PEM -pubout -out public.pem
5
6 rm test.txt test.txt.bin.enc test.txt.bin.enc.b64 decoded.enc test.txt.bin
7 echo -n "test" > test.txt
8 hexdump -C test.txt
9 # encrypt with public key
10 openssl rsautl -encrypt -inkey public.pem -pubin -in test.txt -out test.txt.bin.enc
11 # encode
12 base64 test.txt.bin.enc > test.txt.bin.enc.b64
13 # decode
14 base64 -d test.txt.bin.enc.b64 > decoded.enc
15 # decrypt with public key
16 openssl rsautl -decrypt -inkey private.pem -in decoded.enc -out test.txt.bin
17 hexdump -C test.txt.bin