openssl 0.9.2b/ApacheSSL
Hello!
I want to set up an Apache-SSL server on a SparcStation/20 with two
processors and Debian/Slink installed. Firstly, I compiled the
sources (openssl 0.9.3a and ApacheSSL 1.3.6/1.35) and set up the
server. It failed with an I/O error (during security authentication),
although it works on my Debian/x86 system at home (with apache-ssl 1.3.6-9).
In both cases I have created a CA certificate and then a server
certificate with it. The CA certificate can be loaded into the
browser, but then the I/O error occurred.
So I have built openssl-0.9.2b-1 with
$ dpkg-source -x openssl...dsc
# debian/rules binary
I wonder why L_ENDIAN is defined for the debian-sparc configuration,
SPARC is big endian as far as I know. Could this be documented?
Has anyone had success with setting up a secure web server on the
Debian-sparc architecture?
I have done the following to create the certificates:
openssl.cnf:
------------
[...]
[ CA_default ]
dir = /etc/ssl # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/private/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
[...]
# This is OK for an SSL server.
nsCertType = server
CA certificate:
---------------
mkdir $ssldir/newcerts
mkdir $ssldir/crl
echo "01" >$ssldir/serial
touch $ssldir/index.txt
openssl req -new -x509 -keyout /etc/ssl/private/cakey.pem \
-out /etc/ssl/private/cacert.pem -config /etc/ssl/openssl.cnf
server certificate:
-------------------
1. create request:
openssl req -new -keyout /etc/apache-ssl/newkey.pem \
-out /etc/apache-ssl/newreq.pem -days 360 -config /etc/ssl/openssl.cnf
cd /etc/apache-ssl
cat newreq.pem newkey.pem > new.pem
2. sign request with CA (enter CA password if you have one)
openssl ca -out newcert.pem -config /etc/ssl/openssl.cnf -infile new.pem
cp newcert.pem $ssldir/certs/sitecert.pem
cp newkey.pem $ssldir/certs/sitekey.pem
cd $ssldir/certs
ln -s sitecert.pem `$ssldir/bin/openssl x509 -noout -hash < sitecert.pem`.0
For every start of the web server you have to enter the server cert
pass phrase (during booting, the apache-ssl start script waits for the
secret...)
==================================================================
Thanks for your help!
--
André Heynatz
http://www.informatik.uni-bremen.de/~tron/
Support non-Wintel (http://www.convergence.org/)
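
An offline consistency check for the certificate steps in the message above, added here as an example and not part of the original post: it rebuilds a CA and a server certificate in a scratch directory, then confirms that the server certificate chains to the CA and that the key belongs to it, which helps separate a certificate mistake from a library build problem. It assumes a current `openssl` binary and uses `openssl x509 -req` in place of `openssl ca`; all subjects, file names and function names are constructed.

```shell
#!/bin/sh
# Added example; subjects, file names and the scratch directory are constructed.

# Create a throwaway CA and a server certificate signed by it in directory $1.
make_chain() {
    d=$1
    # Minimal config so the run does not depend on a system openssl.cnf.
    cat > "$d/min.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed CA certificate (-nodes: no pass phrase, scratch key only).
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
        -config "$d/min.cnf" -extensions v3_ca -subj "/CN=Example Test CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    # Server key and certificate request.
    openssl req -new -nodes -newkey rsa:2048 \
        -config "$d/min.cnf" -subj "/CN=www.example.test" \
        -keyout "$d/sitekey.pem" -out "$d/newreq.pem" 2>/dev/null || return 1
    # Sign the request with the CA key (stands in for "openssl ca").
    openssl x509 -req -in "$d/newreq.pem" -days 30 \
        -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" -set_serial 1 \
        -out "$d/sitecert.pem" 2>/dev/null
}

# Succeeds only if certificate $1 chains to CA certificate $2.
chain_ok() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeeds only if private key $2 belongs to certificate $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

work=$(mktemp -d)
if make_chain "$work" && chain_ok "$work/sitecert.pem" "$work/cacert.pem" \
    && key_matches_cert "$work/sitecert.pem" "$work/sitekey.pem"; then
    echo "chain and key are consistent"
else
    echo "certificate chain or key mismatch"
fi
rm -rf "$work"
```

If both checks pass on the machine where the handshake fails, the certificates themselves are unlikely to be the cause.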