Difference between revisions of "Obtaining a Let's Encrypt Murmur Certificate"

From Mumble Wiki
(Created page with "Let's Encrypt provides a variety of ways how to get a certificate for your server for free but you must have a domain name you own, how to set up certbot or how to verify your...")
 
Line 1: Line 1:
 
Let's Encrypt provides a variety of ways how to get a certificate for your server for free but you must have a domain name you own, how to set up certbot or how to verify your domain depends on a high variety of factors, thus is out of scope of this wiki entry. For Ubuntu 16.04 you can try [https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04 this guide].  
 
Let's Encrypt provides a variety of ways how to get a certificate for your server for free but you must have a domain name you own, how to set up certbot or how to verify your domain depends on a high variety of factors, thus is out of scope of this wiki entry. For Ubuntu 16.04 you can try [https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04 this guide].  
  
Using Let's Encrypt is an easy way to make sure the people connecting to your server know it's actually you that is hosting as it's pretty hard to hijack Let's Encrypt to create a valid certificate for any malicious entity (unless your server gets compromised).
+
Using Let's Encrypt is an easy way to make sure the people connecting to your server know it's actually you that is hosting the server, as it's pretty hard to hijack Let's Encrypt to create a valid certificate for any malicious entity (unless your (DNS) server gets compromised).
  
 
Example configuration you may need to add or modify in your mumble-server.ini:
 
Example configuration you may need to add or modify in your mumble-server.ini:
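
Review bot: in the changed sentence, "(unless your (DNS) server gets compromised)" nests parentheses and leaves it unclear whether a compromise of the Murmur host itself is still covered or only a compromise of DNS. Naming both avoids the ambiguity, for example "unless your server or its DNS gets compromised".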

Revision as of 15:15, 11 March 2017

Let's Encrypt provides a variety of ways to get a certificate for your server for free, but you must have a domain name you own. How to set up certbot or how to verify your domain depends on a wide variety of factors and is thus out of scope of this wiki entry. For Ubuntu 16.04 you can try this guide (https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04).

Using Let's Encrypt is an easy way to make sure the people connecting to your server know it's actually you that is hosting the server, as it's pretty hard to hijack Let's Encrypt to create a valid certificate for any malicious entity (unless your (DNS) server gets compromised).

Example configuration you may need to add or modify in your mumble-server.ini:

# These three .pem files should be the ones in the certificate folder letsencrypt created
# Murmur needs restarting to load new certificates
sslCert=[path to]/cert.pem
sslKey=[path to]/privkey.pem
sslCA=[path to]/fullchain.pem

# Has to be generated, for example with: sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
sslDHParams=/etc/ssl/certs/dhparam.pem
# Just using HIGH does not work; the clients do not support the strongest ciphers
sslCiphers=EECDH+AESGCM:EDH+AESGCM:AES256-SHA:EDH+aRSA+AESGCM:AES256+EECDH:AES2
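
A check to run before restarting Murmur with the settings above, as an added example that is not part of the wiki page or the Mumble project. The function names, the `#`/`;` comment handling and the private-key permission check are assumptions of this example; it uses only Python's standard library.

```python
import os
import ssl
import stat

def parse_ini(text):
    """Return key -> value for key=value lines (assumes # or ; comments)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip().strip('"')
    return conf

def lint_murmur_tls(ini_text):
    """Return a list of findings for the TLS settings shown on this page."""
    conf, findings = parse_ini(ini_text), []
    for key in ("sslCert", "sslKey", "sslCA", "sslDHParams"):
        path = conf.get(key)
        if not path:
            if key in ("sslCert", "sslKey"):
                findings.append(f"{key}: not set")
        elif "[path to]" in path:
            findings.append(f"{key}: placeholder path not replaced")
        elif not os.path.isfile(path):
            findings.append(f"{key}: file not found: {path}")
    if findings:
        return findings  # the checks below need the files on disk
    # The private key should not be accessible to group or other users.
    mode = stat.S_IMODE(os.stat(conf["sslKey"]).st_mode)
    if mode & 0o077:
        findings.append(f"sslKey: mode {mode:o} allows group/other access")
    # Fails if a file is unparsable or the key does not match the certificate.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(conf["sslCert"], conf["sslKey"])
    except (ssl.SSLError, OSError) as exc:
        findings.append(f"sslCert/sslKey: do not load as a pair ({exc})")
    # Fails if the local OpenSSL selects no cipher from the string.
    if "sslCiphers" in conf:
        try:
            ctx.set_ciphers(conf["sslCiphers"])
        except ssl.SSLError:
            findings.append("sslCiphers: no usable cipher in list")
    return findings

if __name__ == "__main__":  # usage: python lint.py mumble-server.ini
    import sys
    print("\n".join(lint_murmur_tls(open(sys.argv[1]).read())) or "ok")
```

An empty result means the certificate and key load as a pair and the cipher string is accepted by the local OpenSSL; it does not show which ciphers Mumble clients will negotiate.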