httpd-users mailing list archives

From "Harrell, Roger" <rjhar...@bechtel.com>
Subject RE: [users@httpd] Generating self-signed key doesn't work?
Date Mon, 29 Mar 2004 19:33:07 GMT
> -----Original Message-----
> From: Harrell, Roger [mailto:rjharrel@bechtel.com]
> 
> I've been trying to get a self-signed cert so I can test SSL, but I keep
> running into a problem with the cert. I have used the Red Hat default
> scripts for generating a self-signed cert, as well as manually generating
> the cert:
> openssl req -x509 -new -key server.key -out server.crt
> 
> In all cases the cert includes CA:TRUE. When I start Apache I get:
> [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

>So you have made a CA (Certificate Authority) cert. Well done, you need
>this, but you can't use it in the server. The next steps are:
>
>- make a CSR (certificate signing request) for your site
>- sign it using the CA cert.
>
>This produces a site cert which you can use in the VH.
>
>There is a great selection of how-tos at:
>http://www.instantssl.com/ssl-certificate-sitemap.html

Ok, so I took my existing key and did:
openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.csr/server.csr

then:
openssl x509 -req -days 30 -in /etc/httpd/conf/ssl.csr/server.csr -signkey /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.crt/server.crt

When I restart apache it prompts for the key password and starts without
error. I no longer get the CA=true warning when httpd starts. However, when I
go to:
https://musicwithmeaning.com/index.html

I still get a server not found error. I do know that the server is receiving
the requests because I monitored port 443 requests and see them coming in.

So I'm still missing something. Any thoughts?

Roger

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
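
The two ways of producing a certificate discussed in this message, side by side with a check for the CA flag that triggers Apache's warning. This is an added example, not part of the original message. The function names, the file name ca-style.crt, the subject /CN=test.example and the inline config (constructed to mirror the v3_ca section of a stock openssl.cnf) are assumptions.

```shell
#!/bin/sh
# Added example: build both certificate variants from the thread and
# check each for BasicConstraints CA:TRUE before giving it to Apache.

# Return 0 if the PEM certificate in $1 asserts CA:TRUE.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Create a throwaway key and both certificates in directory $1.
make_test_certs() {
    d=$1
    # Constructed minimal config: "req -x509" takes its extensions from
    # the section named by x509_extensions, as in a stock openssl.cnf.
    cat > "$d/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = CA:TRUE
EOF
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null || return 1
    # Variant 1: the first command in the thread, giving a CA certificate.
    openssl req -x509 -new -config "$d/openssl.cnf" -key "$d/server.key" \
        -subj "/CN=test.example" -days 30 -out "$d/ca-style.crt" || return 1
    # Variant 2: make a CSR, then self-sign it with the same key.
    openssl req -new -config "$d/openssl.cnf" -key "$d/server.key" \
        -subj "/CN=test.example" -out "$d/server.csr" || return 1
    openssl x509 -req -days 30 -in "$d/server.csr" \
        -signkey "$d/server.key" -out "$d/server.crt" 2>/dev/null
}

# Pre-deployment gate: fail if the certificate is marked as a CA.
check_server_cert() {
    if cert_is_ca "$1"; then
        echo "$1: CA:TRUE set, Apache will warn"
        return 1
    fi
    echo "$1: no CA:TRUE, usable as a server certificate"
}
```
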

