Confirmed users
307
edits
Security/DNSSEC-TLS-nginx: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 2: | Line 2: | ||
# Set up a linux VM and enable a host-only network adapter so you can talk to it as well as a NAT'd adapter so it can talk to the internet (outside the scope of this article) | # Set up a linux VM and enable a host-only network adapter so you can talk to it as well as a NAT'd adapter so it can talk to the internet (outside the scope of this article) | ||
# In that VM... | # In that VM, do the following: | ||
# Install and set up bind9 | |||
## 'apt-get install bind' or bind9 or something | |||
## Set up keys, zones, sign them, start server... | |||
## Make a self-signed certificate | |||
## Make a TLSA record using [http://hg.mozilla.org/users/dkeeler_mozilla.com/dnssec-tls/file/tip/cert2dane.sh cert2tlsa.sh] (and put this in your zone file) | |||
## Sign the zones | |||
# Get sources: | # Get sources: | ||
## [http://nginx.org/download/nginx-1.0.4.tar.gz nginx-1.0.4.tar.gz] (not the most recent version - I'll update the patch against it when I get a chance) | ## [http://nginx.org/download/nginx-1.0.4.tar.gz nginx-1.0.4.tar.gz] (not the most recent version - I'll update the patch against it when I get a chance) | ||