Tuesday, September 28, 2010

enable https in apache

step 1: generate a Private Key
openssl genrsa -des3 -out es.key 1024

step 2: generate a Certificate Signing Request
openssl req -new -key es.key -out es.csr

step 3: send the CSR to a certificate company, like McAfee, to obtain the certificate file,
or generate a Self-Signed Certificate yourself:
openssl req -new -key es.key -x509 -out es.crt

step 4: update ssl.conf
Store the certificate (public key) and the private key in a folder:
[root@aaa ssl2010]# ll
total 44
-rw-r--r-- 1 cdong users 1488 Sep 29 13:39 cnn.com.cer
-rw-r--r-- 1 root root 4203 Sep 29 16:34 es.crt
-rw-r--r-- 1 root root 781 Sep 28 17:26 es.csr
-rw-r--r-- 1 root root 887 Sep 28 17:24 es.key

SSLCertificateFile /usr/local/apache2/conf/ssl2010/cnn.com.cer
SSLCertificateKeyFile /usr/local/apache2/conf/ssl2010/es.key
SSLCertificateChainFile /usr/local/apache2/conf/ssl2010/es.crt

Note: SSLCertificateChainFile includes 3 certificates - McAfee, RSA and PEM

Then restart Apache:
/usr/local/apache2/bin/apachectl stop
/usr/local/apache2/bin/apachectl start


Verify that the public key and the private key match
1, public key (from the certificate)
openssl x509 -noout -text -in es.crt -modulus

2, private key
openssl rsa -noout -text -in es.key -modulus

The "modulus" and "publicExponent" portions in the key and the certificate must match exactly.
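The whole flow above, as an added example (not part of the original post): generate a key, a CSR and a self-signed certificate non-interactively, then compare the modulus of the key, the CSR and the certificate the way the post describes. It assumes a working openssl binary and a writable temp directory; the subject fields are made up. It omits -des3 so that it runs unattended, and uses 2048-bit RSA.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumptions: `openssl` is on PATH, mktemp is available, subject is fictitious.

SUBJ="/C=US/ST=CA/L=City/O=Example/CN=www.example.com"

# make_material DIR NAME -> writes NAME.key, NAME.csr and NAME.crt into DIR
# (same three steps as the post, with -subj so nothing prompts).
make_material() {
    dir=$1; name=$2
    openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null
    openssl req -new -key "$dir/$name.key" -subj "$SUBJ" -out "$dir/$name.csr" 2>/dev/null
    openssl req -new -key "$dir/$name.key" -x509 -days 365 -subj "$SUBJ" \
        -out "$dir/$name.crt" 2>/dev/null
}

# modulus_hash FILE KIND -> md5 of the RSA modulus; KIND is rsa (key),
# req (CSR) or x509 (certificate). Hashing makes the long hex strings
# easy to compare by eye.
modulus_hash() {
    openssl "$2" -noout -modulus -in "$1" | openssl md5 | awk '{print $NF}'
}

# key_matches_cert KEY CRT -> exit 0 when the moduli agree, 1 otherwise.
# This is the check Apache relies on: SSLCertificateFile and
# SSLCertificateKeyFile must belong to the same key pair.
key_matches_cert() {
    [ "$(modulus_hash "$1" rsa)" = "$(modulus_hash "$2" x509)" ]
}

# demo: one matching pair and one deliberately mismatched key
demo() {
    d=$(mktemp -d)
    make_material "$d" es
    make_material "$d" other
    if key_matches_cert "$d/es.key" "$d/es.crt"; then
        echo "es.key matches es.crt"
    fi
    if ! key_matches_cert "$d/other.key" "$d/es.crt"; then
        echo "other.key does not match es.crt (wrong key file)"
    fi
    rm -rf "$d"
}
```

Run `demo` to see both outcomes. The post's genrsa line uses -des3 and 1024 bits; the example drops -des3 because a passphrase-protected key makes apachectl prompt for the passphrase on every start, and uses 2048 bits, which is the smallest RSA size public CAs and browsers accept today.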

Wednesday, September 15, 2010

Tuesday, September 7, 2010

restrict users to their home directory over ssh

http://www.howtoforge.com/chroot_ssh_sftp_debian_etch

Check out your current bash binary:

# ls -la /bin/*bash*

If you see a "bash2" and don't see a symlink for "rbash", then your system
is ready to be secured. Just create the needed symlink from rbash to
bash2:
# ln -s bash2 rbash

Now simply change your users' login shells in /etc/passwd from /bin/bash to
/bin/rbash.
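The /etc/passwd change above, as an added example (not from the original post): a small script that switches only the named accounts from /bin/bash to /bin/rbash and leaves every other account alone, so it can be tried on a constructed copy before touching the real file. It assumes the restricted shell lives at /bin/rbash, as on the page; the sample accounts are made up.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumption: the restricted shell path is /bin/rbash.

RBASH=/bin/rbash

# set_restricted_shell FILE USER [USER...]
# Prints FILE to stdout with the 7th (shell) field of each named user
# changed from /bin/bash to /bin/rbash. Accounts not listed, and listed
# accounts whose shell is not /bin/bash, are left exactly as they were.
set_restricted_shell() {
    file=$1; shift
    users=$(printf '%s ' "$@")
    awk -F: -v OFS=: -v rbash="$RBASH" -v list="$users" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) && $7 == "/bin/bash" { $7 = rbash }
        { print }
    ' "$file"
}

# count_shell FILE SHELL -> number of accounts whose login shell is SHELL;
# useful to confirm the change did what you expected before copying it over.
count_shell() {
    awk -F: -v s="$2" '$7 == s { c++ } END { print c + 0 }' "$1"
}

# Constructed sample passwd content (fictitious accounts, not a real system).
make_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/sh
EOF
}

# demo: restrict alice and bob; root, daemon and carol are untouched.
# Prints the number of rbash accounts in the rewritten file (2).
demo() {
    tmp=$(mktemp)
    make_sample_passwd "$tmp"
    set_restricted_shell "$tmp" alice bob > "$tmp.new"
    count_shell "$tmp.new" "$RBASH"
    rm -f "$tmp" "$tmp.new"
}
```

On a live system, write the output to a temporary file, diff it against /etc/passwd, and only then replace the original; the script never edits in place.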