
Apache with mod_ssl on lenny / etch



For a long time I could not get Apache2 with SSL running
(with a self-signed test certificate), but the book by
Mohammed J. Kabir and some trial and error helped.
May the following be useful:

== 1. Generate key ==
david@debian:~/ssl.ca-0.1$
openssl genrsa -des3 -out ca.key 2048 -rand /dev/urandom
Generating RSA private key, 2048 bit long modulus
.......+++
.........................................................................+++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:

== 2. After downloading ssl.ca-0.1.tar.gz from http://www.openssl.contrib
and extracting it ==

=== 1. Sign key ===
david@debian:~/ssl.ca-0.1$ ./new-root-ca.sh
./new-root-ca.sh
Self-sign the root CA...
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:de
de
State or Province Name (full name) [Perak]:.
.
Locality Name (eg, city) [Sitiawan]:.
.
Organization Name (eg, company) [My Directory Sdn Bhd]:.
.
Organizational Unit Name (eg, section) [Certification Services Division]:.
.
Common Name (eg, MD Root CA) []:

Email Address []:david_moerike@arcor.de
david_moerike@arcor.de

=== 2. Generate server (test!!!) certificate ===

david@debian:~/ssl.ca-0.1$ ./new-server-cert.sh server
./new-server-cert.sh server
No server.key round. Generating one
Generating RSA private key, 1024 bit long modulus
....++++++
....................++++++
e is 65537 (0x10001)

Fill in certificate data
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:de
de
State or Province Name (full name) [Perak]:.
.
Locality Name (eg, city) [Sitiawan]:.
.
Organization Name (eg, company) [My Directory Sdn Bhd]:.
.
Organizational Unit Name (eg, section) [Secure Web Server]:.
.
Common Name (eg, www.domain.com) []:localhost
localhost
Email Address []:david_moerike@arcor.de
david_moerike@arcor.de

You may now run ./sign-server-cert.sh to get it signed

=== 3. Self-sign self-made certificate ===

david@debian:~/ssl.ca-0.1$ ./sign-server-cert.sh server
./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'de'
commonName            :PRINTABLE:'localhost'
emailAddress          :IA5STRING:'david_moerike@arcor.de'
Certificate is to be certified until Jun 15 19:22:48 2009 GMT (365 days)
Sign the certificate? [y/n]:y
y


1 out of 1 certificate requests certified, commit? [y/n]y
y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK

david@debian:~/ssl.ca-0.1$

== Here follows my /etc/apache2/conf.d/ssl ==

== Note: in Kabir's book some things are under
<IfDefine SSL> and some in <IfModule mod_ssl.c>,
and that does not work. Don't worry, just put
everything in <IfModule mod_ssl.c>! ==

<IfModule mod_ssl.c>

  SSLMutex file:/var/log/apache2/ssl_mutex

  <VirtualHost localhost:443>

    DocumentRoot "/var/www/secure"
    ServerName "localhost"

    SSLCertificateFile "conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "conf/ssl.key/server.key"

    SSLEngine on

    LogLevel debug

  </VirtualHost>

</IfModule>


== _default_:443 doesn't work!! ==

== Open question:
SSLMutex, when and for what is it necessary? ==

cp server.key /etc/apache2/conf/ssl.key
cp server.crt /etc/apache2/conf/ssl.crt
cd /etc/apache2/conf
chmod 400 ssl.key/server.key
chmod 500 ssl.key


== Note: conf and not conf.d; everything in
conf.d is interpreted as httpd.conf syntax
and therefore gives errors! ==

== and to get mod_ssl loaded ==

cd /etc/apache2/conf.d/mods-enabled
ln -s ../mods-available/ssl.load
ln -s ../mods-available/ssl.conf

== File written:
/var/www/secure/index.html ==

== and restart apache2.
No building from source (compiling) is necessary! ==

David
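A pre-restart check in Python, added here as an example; it is not part of David's mail nor of the ssl.ca scripts. It applies the two rules the mail arrives at, every SSL directive inside <IfModule mod_ssl.c> with SSLEngine on, and the private key at mode 400 in a mode 500 directory, first to a pasted vhost snippet and then to a throwaway key directory. The two config strings, the placeholder key file and the function names are constructed for this example; the real checks would be run against /etc/apache2 before the restart.

```python
import os
import re
import stat
import tempfile

# Constructed sample: the vhost block from the mail, as pasted there.
SAMPLE_CONF = """\
<IfModule mod_ssl.c>
  SSLMutex file:/var/log/apache2/ssl_mutex
  <VirtualHost localhost:443>
    DocumentRoot "/var/www/secure"
    ServerName "localhost"
    SSLCertificateFile "conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "conf/ssl.key/server.key"
    SSLEngine on
    LogLevel debug
  </VirtualHost>
</IfModule>
"""

# Constructed counter-example: the layout the mail says did not work
# (directives under <IfDefine SSL>), with SSLEngine and ServerName left out.
BROKEN_CONF = """\
<IfDefine SSL>
  <VirtualHost localhost:443>
    DocumentRoot "/var/www/secure"
    SSLCertificateFile "conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "conf/ssl.key/server.key"
  </VirtualHost>
</IfDefine>
"""

REQUIRED = ("ServerName", "SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile")


def check_ssl_vhost(conf_text):
    """Return a list of problems in an SSL vhost snippet (empty list = looks fine)."""
    problems = []
    if "<IfModule mod_ssl.c>" not in conf_text:
        problems.append("SSL directives are not wrapped in <IfModule mod_ssl.c>")
    if "<IfDefine SSL>" in conf_text:
        problems.append("<IfDefine SSL> is used; the mail moved everything into <IfModule mod_ssl.c>")
    vhosts = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf_text, re.S)
    if not vhosts:
        problems.append("no <VirtualHost> block found")
    for addr, body in vhosts:
        addr = addr.strip()
        if not addr.endswith(":443"):
            problems.append("vhost %s does not listen on port 443" % addr)
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if parts and not parts[0].startswith("#"):
                directives[parts[0]] = parts[1].strip('"') if len(parts) > 1 else ""
        for name in REQUIRED:
            if name not in directives:
                problems.append("vhost %s: missing %s" % (addr, name))
        # A missing SSLEngine is already reported above, so default to "on" here.
        if directives.get("SSLEngine", "on").lower() != "on":
            problems.append("vhost %s: SSLEngine is not 'on'" % addr)
    return problems


def check_key_permissions(key_path):
    """Return problems with the private key's mode and its directory's mode.

    Mirrors the mail's `chmod 400 ssl.key/server.key` and `chmod 500 ssl.key`:
    only the owner should be able to read the key or enter the directory.
    """
    problems = []
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & 0o077:
        problems.append("%s: group/other have access (mode %o)" % (key_path, mode))
    elif mode != 0o400:
        problems.append("%s: mode %o, the mail uses 400 (owner read-only)" % (key_path, mode))
    key_dir = os.path.dirname(os.path.abspath(key_path))
    dir_mode = stat.S_IMODE(os.stat(key_dir).st_mode)
    if dir_mode & 0o077:
        problems.append("%s: group/other can enter the key directory (mode %o)" % (key_dir, dir_mode))
    return problems


def demo_permission_check():
    """Run check_key_permissions on a throwaway directory (constructed; not /etc/apache2).

    Returns the findings before and after applying the mail's chmod steps.
    """
    with tempfile.TemporaryDirectory() as tmp:
        key_dir = os.path.join(tmp, "ssl.key")
        os.mkdir(key_dir)
        key_path = os.path.join(key_dir, "server.key")
        with open(key_path, "w") as fh:
            fh.write("-----BEGIN RSA PRIVATE KEY-----\nplaceholder, not a real key\n-----END RSA PRIVATE KEY-----\n")
        # The state a plain `cp` under the usual umask 022 leaves behind.
        os.chmod(key_path, 0o644)
        os.chmod(key_dir, 0o755)
        before = check_key_permissions(key_path)
        # The hardening steps from the mail.
        os.chmod(key_path, 0o400)
        os.chmod(key_dir, 0o500)
        after = check_key_permissions(key_path)
        # Restore write access so the temporary directory can be removed.
        os.chmod(key_dir, 0o700)
        os.chmod(key_path, 0o600)
    return before, after


if __name__ == "__main__":
    print("mail's config :", check_ssl_vhost(SAMPLE_CONF) or "no problems")
    print("broken config :", check_ssl_vhost(BROKEN_CONF))
    before, after = demo_permission_check()
    print("key perms before hardening:", before)
    print("key perms after hardening :", after or "no problems")
```

The config check is deliberately a text scan, not an Apache parser: it answers only the questions the mail raises (is everything inside <IfModule mod_ssl.c>, is SSLEngine on, are the certificate and key directives present on the :443 vhost). The permission check reads the modes with os.stat, so it can be pointed at the real conf/ssl.key/server.key after the cp and chmod steps, and it reports the directory mode as well, since a world-readable key directory undoes the chmod 400 on the file.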






