Security/DNSSEC-TLS-nginx

From MozillaWiki
< Security
Revision as of 18:22, 20 July 2011 by Dkeeler (talk | contribs)
Jump to navigation Jump to search

This page details how to set up a virtual machine running a modified version of nginx that uses a self-signed certificate with the DNSSEC TLS extension to authenticate https sessions.

  1. Set up a linux VM and enable a host-only network adapter so you can talk to it as well as a NAT'd adapter so it can talk to the internet (outside the scope of this article)
  2. In that VM...
  3. Get sources:
    1. nginx-1.0.4.tar.gz (not the most recent version - I'll update the patch against it when I get a chance)
    2. openssl-1.0.0d.tar.gz
  4. Get patches:
    1. nginx-1.0.4-dnssectls.patch
    2. openssl-1.0.0d-dnssectls.patch
  5. Install a local copy of openssl:
    1. Untar the archive and cd to the directory
    2. Apply the patch
    3. Run './config', 'make'
  6. Build nginx:
    1. Untar the archive and cd to the directory
    2. Apply the patch
    3. Run './configure --with-openssl=$HOME/openssl-1.0.0d --with-http_ssl_module --without-http_rewrite_module --prefix=`pwd`', 'make'
  7. Make sure you don't have other webservers running on the machine (Ubuntu seems to have one by default)
  8. Start nginx: 'sudo ./obj/nginx'
Retrieved from "https://wiki.mozilla.org/index.php?title=Security/DNSSEC-TLS-nginx&oldid=331587"