httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Raible" <m...@raibledesigns.com>
Subject RE: [users@httpd] Apache 2.0.40, SSL and Linux
Date Fri, 27 Sep 2002 02:45:17 GMT
I added a certificate with the commands below and started my server with
"/usr/local/apachectl -D SSL -k start" but it still appears as if this
directive:

<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>

is not working :(

[root@drevil ssl]# openssl req -new -out my-server.csr
Using configuration from /usr/share/ssl/openssl.cnf
Generating a 1024 bit RSA private key
................++++++
..................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:drevil
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@drevil ssl]# openssl rsa -in privkey.pem -out my-server.key
read RSA key
Enter PEM pass phrase:
writing RSA key
[root@drevil ssl]# openssl x509 -in my-server.csr -out my-server.cert
-req -signkey my-server.key -days 365
Signature ok
subject=/C=US/ST=Berkshire/L=Newbury/O=My Company Ltd/CN=drevil
Getting Private key
[root@drevil ssl]# openssl x509 -in my-server.cert -out
my-server.der.crt -outform DER



> -----Original Message-----
> From: J. Greenlees [mailto:jaqui@shaw.ca] 
> Sent: Thursday, September 26, 2002 8:19 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux
> 
> 
> hmmm, when starting the server do you get an error message at 
> all? do you have a certificate ( even unsigned ) for the 
> secure server?
> 
> I have problems getting Rh to install on my system so using mandrake, 
> don't have this problem on my systems. ( at least when I start secure 
> server and have certificate )
> 
> trying to remember the command but there is an apache command 
> that will 
> list loaded modules...ccheck the docs on mod_ssl it may help diagnose 
> exactly where the problem is.
> 
> Matt Raible wrote:
> 
> >So you're saying that mod_ssl.* (I'm guessing it'c 
> mod_ssl.c) is loaded 
> >by default with the IfModule code below?  Is their anyway to ensure 
> >this?
> >
> >In ssl.conf, I have the following line under <VirtualHost 
> >_default_:443>
> >
> >ErrorLog logs/ssl.log
> >
> >But this does not get generated - I'm starting apache with 
> >/usr/local/apache2/bin/apachectl startssl
> >
> >Here's what I get when I try to test it with openssl:
> >
> ># openssl s_client -connect localhost:443
> >connect: Connection refused
> >connect:errno=29
> >#
> >
> >Thanks,
> >
> >Matt
> >
> >>-----Original Message-----
> >>From: J. Greenlees [mailto:jaqui@shaw.ca]
> >>Sent: Thursday, September 26, 2002 7:19 PM
> >>To: users@httpd.apache.org
> >>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux
> >>
> >>
> >>Matt Raible wrote:
> >>
> >>>Platform: Red Hat 7.3
> >>>
> >>>I'm trying to setup SSL for Apache on Linux and I can't seem
> >>>
> >>to get it
> >>
> >>>working properly.  The following line in httpd.conf gives me the
> >>>impression that the mod_ssl is already installed:
> >>>
> >>><IfModule mod_ssl.c>
> >>>   Include conf/ssl.conf
> >>></IfModule>
> >>>
> >>>Do I have to add LoadModule ...??  If so, how do I get/create
> >>>mod_ssl.so?
> >>>
> >>>Thanks,
> >>>
> >>>Matt
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>-----------------------------------------------------------
> ----------
> >>>The official User-To-User support forum of the Apache HTTP Server
> >>>Project. See <URL:http://httpd.apache.org/userslist.html> for more

> >>>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>>For additional commands, e-mail: users-help@httpd.apache.org
> >>>
> >>>
> >>Matt,
> >>usually with linux disro's you don't have to alter the conf
> >>for enabling 
> >>cgi or ssl, or even php.
> >>
> >>you do have to make / get a certificate for the ssl though.
> >>
> >>
> >>
> >>------------------------------------------------------------
> ---------
> >>The official User-To-User support forum of the Apache HTTP
> >>Server Project. See 
> >><URL:http://httpd.apache.org/userslist.html> for more info. 
> >>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP Server 
> >Project. See <URL:http://httpd.apache.org/userslist.html> for more 
> >info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project. See 
> <URL:http://httpd.apache.org/userslist.html> for more info. 
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message