Re: apache2 - SSL

[Tom Allison <tom@tacocat.net>]

On May 1, 2007, at 7:29 AM, Roberto C. Sánchez wrote:

> On Tue, May 01, 2007 at 06:55:01AM -0400, Tom Allison wrote:
> > I'm trying to set up apache2 for SSL.
> > Did not find anything in the /usr/share/docs for apache2 related to
> > ssl so I'm thinking the SSL stuff is pretty much up to me.
> It is just a matter of enabling the module and configuring to operate
> how you want.
>
> > Do I have to generate the Certs or are they generated during
> > installation?
> IIRC, apache2 ships the the snakeoil certificates.  However, don't  
> want
> to actually use those for anything.  The SSL howto at tldp.org details
> how to create your own certificated authority, create a certificate
> request and then generate and self-sign the certificate.  If you are
> setting this up for personal use, that is all you need.  If this is  
> some
> sort of e-commerce or other site where users will be thrown off by an
> untrusted CA notification in their browsers, then you will need to  
> buy a
> certificate.
>
> > How do I specify http:80 and https:443?
> Using Listen directives.
>
> Regards,
>
> -Roberto

I set Listen 443 in ports.conf and created a self signed certificate  
using:
openssl req -new -x509 -nodes -days 365 -out $PEMFILE -keyout $PEMFILE
chmod 600 $PEMFILE
[ -e temp_file ] && rm -f temp_file
dd if=/dev/urandom of=temp_file count=2
openssl dhparam -rand temp_file 512 >> $PEMFILE

I then moved $PEMFILE to /etc/apache2/ssl/isengard.tacocat.net.pem
and set
SSLCertificateChainFile /etc/apache2/ssl/isengard.tacocat.net.pem
in ssl.conf

And I get nothing.  Firefox returns an error -12263.
Nothing in the error logs...