httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Raible" <m...@raibledesigns.com>
Subject RE: [users@httpd] Apache 2.0.40, SSL and Linux
Date Fri, 27 Sep 2002 03:16:01 GMT
Yep, in ssl.conf I have:

SSLCertificateFile conf/ssl/my-server.cert
SSLCertificateKeyFile conf/ssl/my-server.key

And my conf/ssl/ directory is:

[root@drevil ssl]# ls
my-server.cert  my-server.csr  my-server.der.crt  my-server.key
privkey.pem


> -----Original Message-----
> From: J. Greenlees [mailto:jaqui@shaw.ca] 
> Sent: Thursday, September 26, 2002 9:01 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux
> 
> 
> just checking the docs for apache 2 mod_ssl, did you tell the server 
> where the server key is?
> 
> http://httpd.apache.org/docs-2.0/mod/mod_ssl.html
> 
> 
> 
> 
> Matt Raible wrote:
> 
> >I added a certificate with the commands below and started my server 
> >with "/usr/local/apachectl -D SSL -k start" but it still 
> appears as if 
> >this
> >directive:
> >
> ><IfModule mod_ssl.c>
> >    Include conf/ssl.conf
> ></IfModule>
> >
> >is not working :(
> >
> >[root@drevil ssl]# openssl req -new -out my-server.csr
> >Using configuration from /usr/share/ssl/openssl.cnf
> >Generating a 1024 bit RSA private key
> >................++++++
> >..................++++++
> >writing new private key to 'privkey.pem'
> >Enter PEM pass phrase:
> >Verifying password - Enter PEM pass phrase:
> >-----
> >You are about to be asked to enter information that will be 
> >incorporated into your certificate request. What you are 
> about to enter 
> >is what is called a Distinguished Name or a DN.
> >There are quite a few fields but you can leave some blank
> >For some fields there will be a default value,
> >If you enter '.', the field will be left blank.
> >-----
> >Country Name (2 letter code) [GB]:US
> >State or Province Name (full name) [Berkshire]:
> >Locality Name (eg, city) [Newbury]:
> >Organization Name (eg, company) [My Company Ltd]:
> >Organizational Unit Name (eg, section) []:
> >Common Name (eg, your name or your server's hostname) []:drevil
> >Email Address []:
> >
> >Please enter the following 'extra' attributes
> >to be sent with your certificate request
> >A challenge password []:
> >An optional company name []:
> >[root@drevil ssl]# openssl rsa -in privkey.pem -out 
> my-server.key read 
> >RSA key Enter PEM pass phrase:
> >writing RSA key
> >[root@drevil ssl]# openssl x509 -in my-server.csr -out my-server.cert
> >-req -signkey my-server.key -days 365
> >Signature ok
> >subject=/C=US/ST=Berkshire/L=Newbury/O=My Company Ltd/CN=drevil
> >Getting Private key
> >[root@drevil ssl]# openssl x509 -in my-server.cert -out
> >my-server.der.crt -outform DER
> >
> >
> >
> >>-----Original Message-----
> >>From: J. Greenlees [mailto:jaqui@shaw.ca]
> >>Sent: Thursday, September 26, 2002 8:19 PM
> >>To: users@httpd.apache.org
> >>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux
> >>
> >>
> >>hmmm, when starting the server do you get an error message at
> >>all? do you have a certificate ( even unsigned ) for the 
> >>secure server?
> >>
> >>I have problems getting Rh to install on my system so using 
> mandrake,
> >>don't have this problem on my systems. ( at least when I 
> start secure 
> >>server and have certificate )
> >>
> >>trying to remember the command but there is an apache command
> >>that will 
> >>list loaded modules...ccheck the docs on mod_ssl it may 
> help diagnose 
> >>exactly where the problem is.
> >>
> >>Matt Raible wrote:
> >>
> >>>So you're saying that mod_ssl.* (I'm guessing it'c
> >>>
> >>mod_ssl.c) is loaded
> >>
> >>>by default with the IfModule code below?  Is their anyway to ensure
> >>>this?
> >>>
> >>>In ssl.conf, I have the following line under <VirtualHost
> >>>_default_:443>
> >>>
> >>>ErrorLog logs/ssl.log
> >>>
> >>>But this does not get generated - I'm starting apache with
> >>>/usr/local/apache2/bin/apachectl startssl
> >>>
> >>>Here's what I get when I try to test it with openssl:
> >>>
> >>># openssl s_client -connect localhost:443
> >>>connect: Connection refused
> >>>connect:errno=29
> >>>#
> >>>
> >>>Thanks,
> >>>
> >>>Matt
> >>>
> >>>>-----Original Message-----
> >>>>From: J. Greenlees [mailto:jaqui@shaw.ca]
> >>>>Sent: Thursday, September 26, 2002 7:19 PM
> >>>>To: users@httpd.apache.org
> >>>>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux
> >>>>
> >>>>
> >>>>Matt Raible wrote:
> >>>>
> >>>>>Platform: Red Hat 7.3
> >>>>>
> >>>>>I'm trying to setup SSL for Apache on Linux and I can't seem
> >>>>>
> >>>>to get it
> >>>>
> >>>>>working properly.  The following line in httpd.conf gives me the

> >>>>>impression that the mod_ssl is already installed:
> >>>>>
> >>>>><IfModule mod_ssl.c>
> >>>>>  Include conf/ssl.conf
> >>>>></IfModule>
> >>>>>
> >>>>>Do I have to add LoadModule ...??  If so, how do I get/create 
> >>>>>mod_ssl.so?
> >>>>>
> >>>>>Thanks,
> >>>>>
> >>>>>Matt
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>-----------------------------------------------------------
> >>>>>
> >>----------
> >>
> >>>>>The official User-To-User support forum of the Apache 
> HTTP Server 
> >>>>>Project. See 
> <URL:http://httpd.apache.org/userslist.html> for more 
> >>>>>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>>>> "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>>>>For additional commands, e-mail: users-help@httpd.apache.org
> >>>>>
> >>>>>
> >>>>Matt,
> >>>>usually with linux disro's you don't have to alter the conf for 
> >>>>enabling cgi or ssl, or even php.
> >>>>
> >>>>you do have to make / get a certificate for the ssl though.
> >>>>
> >>>>
> >>>>
> >>>>------------------------------------------------------------
> >>>>
> >>---------
> >>
> >>>>The official User-To-User support forum of the Apache HTTP Server 
> >>>>Project. See <URL:http://httpd.apache.org/userslist.html> 
> for more 
> >>>>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>>>For additional commands, e-mail: users-help@httpd.apache.org
> >>>>
> >>>
> >>>
> >>>-----------------------------------------------------------
> ----------
> >>>The official User-To-User support forum of the Apache HTTP Server 
> >>>Project. See <URL:http://httpd.apache.org/userslist.html> for more

> >>>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>>For additional commands, e-mail: users-help@httpd.apache.org
> >>>
> >>>
> >>
> >>
> >>
> >>------------------------------------------------------------
> ---------
> >>The official User-To-User support forum of the Apache HTTP 
> >>Server Project. See 
> >><URL:http://httpd.apache.org/userslist.html> for more info. 
> >>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP 
> Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message