httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guenter Knauf <fua...@apache.org>
Subject Re: 2.2.4 windows binary w/ssl?
Date Thu, 22 Mar 2007 18:17:44 GMT
Hi,
> I'll take this as a resounding no, and that the draft package is
> sufficient.  Moving it within 24 hrs unless I hear a specific
> technical objection.
I've heard from a couple of users that they prefer *.zip archives rather than the *.msi files;
and hacked a WSH script to fix the config files when using a zip distribution. So I think
it would be great to disribute a *.zip archive too in addition to the *.msi.

Regarding certificate creation I've hacked another simple WSH script a while ago, and got
some positive feedback; however currently its not perfect yet since I had not the time to
fully go trough all openssl settings;
I use currently this:
openssl req -x509 -nodes -days 999 -subj "/emailAddress=webmaster@example.com/C=US/ST=Oregon/L=Portland/O=Example
Organisation/OU=IT Unit/CN=www.example.com" -newkey rsa:1024 -keyout server.key -out server.crt

these certs are accepted by Apache and enable SSL access - however I get warnings in the error
log:
[Wed Mar 21 02:11:55 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints:
CA == TRUE !?)

hints welcome!

If someone wants to play with the WSH script you can find it here:
http://www.gknw.net/vb/scripts/MkCerts.vbs

Although I'm not a big WSH fan - I think it makes sense on Win32 since its almost there, and
the user doesnt need to install / download another tool just to fix confs or create certs.

Guenter.



Mime
View raw message