httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "sieger007@gmail.com" <sieger...@gmail.com>
Subject Re: [users@httpd] cannot install a SSL certificate : any idea folks ? Going nuts over SSL..
Date Mon, 16 Nov 2009 20:48:36 GMT
Thank you friends. This SSL stuff drives me nuts .
Just to clarify, I had sent a certificate request with xyz.abc.com
<http://cmsevalspry.house.gov/>as the common name. I got back a
certificate with *.
abc.com  as the common name from the CA. Can I still use the same key or is
it a mismatch?

On Mon, Nov 16, 2009 at 6:17 AM, Mark Watts <m.watts@eris.qinetiq.com>wrote:

> On Sun, 2009-11-15 at 23:05 -0800, sieger007@gmail.com wrote:
> > Hello Friends
> >
> >
> > I'm trying to figure out why I cannot install a SSL certificate that
> > I'd been given. Using openssl, I looked at the key file that was
> > generated by openssl, and the corresponding certificate file that was
> > returned by the CA.
>
> I assume you did the following:
>
> 1) Generate a key:
>
>        $ openssl genrsa -out www.example.com-key 2048
>        Generating RSA private key, 2048 bit long modulus
>        ..............................................+++
>        ....+++
>        e is 65537 (0x10001)
>
> 2) Generate a Certificate Sigining Request (CSR):
>
>        $ openssl req -new -key www.example.com-key -out
>        www.example.com-csr
>        You are about to be asked to enter information that will be
>        incorporated
>        into your certificate request.
>        What you are about to enter is what is called a Distinguished
>        Name or a DN.
>        There are quite a few fields but you can leave some blank
>        For some fields there will be a default value,
>        If you enter '.', the field will be left blank.
>        -----
>        Country Name (2 letter code) [GB]:
>        State or Province Name (full name) [Berkshire]:Greater London
>        Locality Name (eg, city) [Newbury]:London
>        Organization Name (eg, company) [My Company Ltd]:Acme Websites
>        Ltd.
>        Organizational Unit Name (eg, section) []: <Leave blank>
>        Common Name (eg, your name or your server's hostname)
>        []:www.example.com
>        Email Address []: <Leave blank>
>
>        Please enter the following 'extra' attributes
>        to be sent with your certificate request
>        A challenge password []: <Leave blank>
>        An optional company name []: <Leave blank>
>
> 3) Buy a certificate:
>
>        Go to www.verisign.com (or wherever) and buy a certificate.
>        Upload the CSR file you generated when they ask for it.
>        Download the Certificate when they let you.
>
> 4) Setup an SSL Vhost:
>
>        <VirtualHost 0.0.0.0:443>
>         ServerName     "www.example.com"
>         SSLEngine      on
>         SSLCertificateFile     "/etc/httpd/conf/ssl/www.example.com-cert"
>         SSLCertificateKeyFile  "/etc/httpd/conf/ssl/www.example.com-key"
>         ...
>        </VirtualHost>
>
> If you are running SELinux, ensure the context is correct.
> Ensure both files are mode 400 and owned by root.
>
> This should be all you need to do, aside from any other mod_ssl
> configuration you need.
>
> Mark.
>
> --
> Mark Watts BSc RHCE MBCS
> Senior Systems Engineer, Managed Services Manpower
> www.QinetiQ.com
> QinetiQ - Delivering customer-focused solutions
> GPG Key: http://www.linux-corner.info/mwatts.gpg
>

Mime
View raw message