Ssl

ssl test:

https://www.ssllabs.com/ssltest/analyze.html?d=www.gitma.de

Perfect Forward Secrecy (PFS) für nginx/test:

http://baudehlo.wordpress.com/2013/06/24/setting-up-perfect-forward-secrecy-for-nginx-or-stud/

tls1.2 für nginx sicher

https://www.sherbers.de/howto/nginx/

Recreate Root Ca with sha256 Signature

Enter same Values for CN/email/O/OU and use the same private key

openssl req -config ./openssl.cnf -extensions v3_ca -x509 -sha256 -nodes -keyform pem -key ca.key  -out ca2.crt -days 999 -new

To Sign new Certs with sha256 Signature

add this to openssl ca commands.

openssl ca -md sha256

ad this to certificate requests:
openssl req -sha256

Dnssec gentoo mysql