
openssl 0.9.2b/ApacheSSL



Hello!

I want to set up an Apache-SSL server on a SparcStation/20 with two
processors and Debian/Slink installed. Firstly, I compiled the
sources (openssl 0.9.3a and ApacheSSL 1.3.6/1.35) and set up the
server. It failed with an I/O error (during security authentication),
although it works on my Debian/x86 system at home (with apache-ssl 1.3.6-9).
In both cases I have created a CA certificate and then a server
certificate with it. The CA certificate can be loaded into the
browser, but then the I/O error occurred.

So I have built openssl-0.9.2b-1 with

$ dpkg-source -x openssl...dsc
# debian/rules binary

I wonder why L_ENDIAN is defined for the debian-sparc configuration,
SPARC is big endian as far as I know. Could this be documented?

Has anyone had success with setting up a secure web server on the
Debian-sparc architecture?

I have done the following to create the certificates:

openssl.cnf:
------------

[...]
[ CA_default ]

dir             = /etc/ssl              # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
database        = $dir/index.txt        # database index file.
new_certs_dir   = $dir/newcerts         # default place for new certs.

certificate     = $dir/private/cacert.pem       # The CA certificate
serial          = $dir/serial           # The current serial number
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/private/cakey.pem# The private key
RANDFILE        = $dir/private/.rand    # private random number file

x509_extensions = usr_cert              # The extensions to add to the cert
[...]
# This is OK for an SSL server.
nsCertType                      = server

CA certificate:
---------------

mkdir $ssldir/newcerts
mkdir $ssldir/crl
echo "01" >$ssldir/serial
touch $ssldir/index.txt

openssl req -new -x509 -keyout /etc/ssl/private/cakey.pem \
   -out /etc/ssl/private/cacert.pem -config /etc/ssl/openssl.cnf

server certificate:
-------------------

1. create request:

openssl req -new -keyout /etc/apache-ssl/newkey.pem \
  -out /etc/apache-ssl/newreq.pem -days 360 -config /etc/ssl/openssl.cnf
cd /etc/apache-ssl
cat newreq.pem newkey.pem > new.pem

2. sign request with CA (enter CA password if you have one)

openssl ca -out newcert.pem -config /etc/ssl/openssl.cnf -infile new.pem

cp newcert.pem $ssldir/certs/sitecert.pem
cp newkey.pem $ssldir/certs/sitekey.pem
cd $ssldir/certs
ln -s sitecert.pem `$ssldir/bin/openssl x509 -noout -hash < sitecert.pem`.0

For every start of the web server you have to enter the server cert
pass phrase (during booting, the apache-ssl start script waits for the
secret...)

==================================================================

Thanks for your help!

-- 
André Heynatz
http://www.informatik.uni-bremen.de/~tron/
Support non-Wintel (http://www.convergence.org/)
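
The byte-order question raised in the message, as an added example that is not part of the original post and not OpenSSL's code: a simplified C model of a word load that trusts a build-time endianness flag, compared with a byte-wise load. The function names and sample bytes are hypothetical and constructed; the example does not establish that the L_ENDIAN setting caused the reported I/O error.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the 32-bit value 0x04030201 serialized least
 * significant byte first, as a little-endian wire/hash format stores it. */
static const unsigned char SAMPLE[4] = { 0x01, 0x02, 0x03, 0x04 };

/* Actual byte order of the machine running this code, probed at run time. */
int host_is_little_endian(void) {
    const uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Byte-wise load: correct on any host, needs no build-time flag. */
uint32_t load_le32_portable(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint32_t bswap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* Word-at-a-time load that trusts a build-time claim (hypothetical
 * stand-in for an L_ENDIAN / B_ENDIAN style define): a "little" build
 * uses the native word as is, a "big" build swaps it. */
uint32_t load_le32_fast(const unsigned char *p, int claimed_little) {
    uint32_t w;
    memcpy(&w, p, sizeof w);
    return claimed_little ? w : bswap32(w);
}

/* 1 if the claimed byte order yields the same value as the portable load. */
int flag_matches_host(int claimed_little) {
    return load_le32_fast(SAMPLE, claimed_little) == load_le32_portable(SAMPLE);
}

int main(void) {
    int le = host_is_little_endian();
    printf("host is %s endian\n", le ? "little" : "big");
    printf("correct flag ok: %d, wrong flag ok: %d\n",
           flag_matches_host(le), flag_matches_host(!le));
    return 0;
}
```

Compiled and run on the target machine, a mismatch between the run-time probe and the flag the build was configured with shows up as the second value differing from the first.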

