На главную страницу  
+7 (499) 124-62-26
О компании Продукты Демо-версии Купить Цены Контакты Решения
OpenVPN-ГОСТ
КриптоСервер
КриптоТуннель
Защита RDP
КриптоПакет
"Вьюга"

MAGPRO DNS. INSTALLATION AND CONFIGURING OpenSSL 1.0.0


Already installed

If you installed OpenSSL 1.0.0 from packages, be sure it compiled with the options:
shared, zlib, enable-rfc3779
Option shared is necessary!
If the libgost.so library presents in $PREFIX/lib/engines it should work.


Installation from FreeBSD ports

On FreeBSD you may install OpenSSL 1.0.0 from port collection.

$ cd /usr/ports/security/openssl
$ make config

Choose the options shared, zlib, enable-rfc3779.

$ make
$ sudo make install

Installation from sources

For most linux-based OS you'll have to install OpenSSL 1.0.0 from sources.
You'll need zlib devel files for compiling.
On Debian lenny you can install these files from zlib1g-dev package:

$ sudo apt-get install zlib1g-dev

This is way of compiling and installing OpenSSL 1.0.0 from sources:

$ wget http://www.openssl.org/source/openssl-1.0.0a.tar.gz
$ tar xzf openssl-1.0.0a.tar.gz
$ cd openssl-1.0.0a
$ ./config shared zlib enable-rfc3779 --prefix=/usr/local
$ make depend
$ make
$ sudo make install

After that OpenSSL binaries will be placed at /usr/local.
Config file will be placed at /usr/local/openssl or /usr/local/ssl (it depends from your OS)


Configuration

For correct using of GOST cryptoalgorithms next strings should be added in openssl.cnf:

  1. before the first section (begin of section marks by brackets: []):
    openssl_conf = openssl_def

    By default openssl.cnf doesn't contain it.

  2. At the end of openssl.cnf add sections:
    [openssl_def]
    engines = engine_section
    
    [engine_section]
    gost = gost_section
    
    [gost_section]
    engine_id = gost
    default_algorithms = ALL
    dynamic_path = /usr/local/lib/engines/libgost.so		//or your $PREFIX/lib/engines/libgost.so
    CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
    

MagPro DNS

Installing and configuring OpenSSL 1.0.0

Installing and using BIND with DNSSEC and GOST support

Signing a zone with «dnssec-signzone»

Checking DNSSEC with the «dig» utility

Installing and using Unbound+LDNS+NSD with DNSSEC and GOST support

Signing a zone with «ldns-signzone»

Checking DNSSEC with the «drill» utility

DNSSEC FAQ

 
Copyright © ООО "Криптоком". 2001-2016. All Rights Reserved.