Ssl
ssl test:
https://www.ssllabs.com/ssltest/analyze.html?d=www.gitma.de
Perfect Forward Secrecy (PFS) für nginx/test:
http://baudehlo.wordpress.com/2013/06/24/setting-up-perfect-forward-secrecy-for-nginx-or-stud/
tls1.2 für nginx sicher
https://www.sherbers.de/howto/nginx/
Recreate Root Ca with sha256 Signature
Enter same Values for CN/email/O/OU and use the same private key
openssl req -config ./openssl.cnf -extensions v3_ca -x509 -sha256 -nodes -keyform pem -key ca.key -out ca2.crt -days 999 -new
To Sign new Certs with sha256 Signature
add this to openssl ca commands.
openssl ca -md sha256
ad this to certificate requests:
openssl req -sha256