httpd-users mailing list archives

From "hambali" <hambali_...@plasa.com>
Subject [users@httpd] https,ssl conection
Date Sat, 28 Aug 2004 09:23:32 GMT
Dear sir,
I want to create a connection using https (apache+openssl), but I have some problems. Please help me if you don't mind.
This is what I do:
1. Create CA (self-signed).
      1. openssl req -new -x509 -keyout /usr/lib/ssl/private/CAkey.pem -out /usr/lib/ssl/private/CAcert.pem
      2. openssl x509 -in /usr/lib/ssl/private/CAcert.pem -out CAcert.crt
      then install CAcert.crt in browser
2. Create server certificate
      1. openssl req -new -keyout newkey.pem -out newreq.pem -days 365 -config /usr/lib/ssl/openssl.cnf
      2. cat newreq.pem newkey.pem > new.pem
      3. openssl ca -policy policy_anything -out newcert.pem -config /usr/lib/ssl/openssl.cnf -infiles new.pem
      4. openssl rsa -in new.pem -out unsecure.pem
      5. openssl x509 -in newcert.pem -out server.crt
3. Install server certificate in apache:
      1. copy files unsecure.pem and server.crt to /etc/ssl/apache
      2. edit file /etc/httpd/conf.d/41_mod_ssl_.default-vhost.conf
        SSLCertificateFile /etc/ssl/apache/server.crt
        SSLCertificateKeyFile /etc/ssl/apache/unsecure.pem
4. /etc/rc.d/init.d/httpd stop
    /etc/rc.d/init.d/httpd start
    test using mozilla --> https://hope.bx.net.id (it works as I expected).
5. Create client certificate
      1. I create the client certificate just like the server certificate, and then convert it to p12 format
      2. export client.p12 to mozilla
      3. edit file /etc/httpd/conf.d/41_mod_ssl_.default-vhost.conf
        SSLCACertificatePath /usr/lib/ssl/private
        SSLCACertificateFile /usr/lib/ssl/private/CAcert.pem
        SSLVerifyClient require
        SSLVerifyDepth 10
      4. /etc/rc.d/init.d/httpd stop
        /etc/rc.d/init.d/httpd start
        test using mozilla --> https://hope.bx.net.id (it works as I expected).
       After restart, the content of error_log:
       [Fri Aug 20 15:53:16 2004] [notice] Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6mdk) mod_perl/1.99_09 Perl/v5.8.1 mod_auth_pgsql/2.0.1 mod_ssl/2.0.47 OpenSSL/0.9.7b PHP/4.3.2 configured -- resuming normal operations

       Then I test using mozilla --> https://hope.bx.net.id
       I get a comment like this:
the connection to hope.bx.net.id has terminated unexpectedly. some data may have been transferred,
and in the error_log of apache:
[Fri Aug 20 15:53:49 2004] [notice] child pid 3510 exit signal Segmentation fault (11)

My question: how do I solve this problem?

Thank you for your help.

Best regards


hambali


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
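
Added example, not part of the original message: a pre-flight check to run before setting SSLVerifyClient require, confirming that a client certificate chains to the file given as SSLCACertificateFile and that a private key belongs to its certificate. The function names, file names and the minimal req.cnf are assumptions made for illustration, and the certificates are throwaway samples generated on the spot.

```sh
#!/bin/sh
# Added example. All names and files are hypothetical; the certificates
# are constructed throwaway samples generated in a temporary directory.

# 0 if CERT chains to the CA file for PURPOSE (sslclient or sslserver).
chains_to_ca() {  # usage: chains_to_ca CAFILE CERT PURPOSE
    openssl verify -CAfile "$1" -purpose "$3" "$2" 2>/dev/null | grep -q ': OK$'
}

# 0 if the private key and the certificate carry the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Generate sample material in DIR: a CA, a client cert it signed, and an
# unrelated second CA for the failure case. Uses its own minimal config so
# the result does not depend on the system openssl.cnf.
make_samples() {  # usage: make_samples DIR
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=sample' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > "$d/req.cnf" || return 1
    for ca in ca other; do
        openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes \
            -days 1 -subj "/CN=Sample $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=sample client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null
}

# Demo run on the constructed samples.
tmp=$(mktemp -d) || exit 1
make_samples "$tmp" || { rm -rf "$tmp"; exit 1; }
chains_to_ca "$tmp/ca.pem" "$tmp/client.pem" sslclient && echo "chain: OK"
chains_to_ca "$tmp/other.pem" "$tmp/client.pem" sslclient || echo "other CA: rejected"
key_matches_cert "$tmp/client.key" "$tmp/client.pem" && echo "key/cert: match"
rm -rf "$tmp"
```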

