
Re: Mod-ssl problem



On Monday 10 September 2001 12:47, will trillich wrote:
> On Mon, Aug 27, 2001 at 09:00:41AM +0800, MunFai wrote:
> > Hi!
> > I am trying to sign my own server.crt file for use with Apache. I am
> > using Debian, with OpenSSL 0.9.6b-1.
> > I seem to be running into a problem when I'm running sign.sh to sign the
> > .csr file. This is what I get:
> >
> > sblabs:/etc/apache/ssl.crt# ./sign.sg server.csr
> > CA signing: server.csr -> server.crt:
> > Using configuration from ca.config
> > Enter PEM pass phrase:
> > Check that the request matches the signature
> > Signature ok
> > The Subjects Distinguished Name is as follows
> > commonName :PRINTABLE:'sblabs'
> > Certificate is to be certified until Aug 20 10:46:44 2002 GMT (365 days)
> > Sign the certificate? [y/n]:y
> > 1 out of 1 certificate requests certified, commit? [y/n]y
> > Write out database with 1 new entries
> > Data Base Updated
> > CA verifying: server.crt <-> CA cert
> > server.crt:/CN=sblabs
> > error 18 at 0 depth lookup:self signed certificate
> > /CN=sblabs
> > error 7 at depth 0 lookup:certificate signature failure
> >
> > Can anyone please help me with this problem? Thanks!
> > And by the way, in the documentation for modssl at their website, it is
> > mentioned that there is a script 'ca.sh' or 'ca.pl' for creating
> > certificates. I've looked through the source but could not find them.
> > Would anyone be kind enough to tell me where to look, or to send me the
> > script? Thanks again.
>
> i'm headed in your direction, about twelve footsteps behind you.
> i bet this'll bite me, too. have you found anything about this?




I am posting this again because I forgot the first step, to generate the key 
for www.virtualhost.com...

1) generate key. If you don't have enough entropy, you can use several files,
such as log files, separated by a colon, i.e. file1:file2:...file4
$ openssl genrsa -des3 -rand /dev/random -out \
        www.virtualhost.com.key 1024

2) generate a key for the domain, which goes in /etc/apache/ssl.key
$ openssl req -new -key www.virtualhost.com.key -out \
        www.virtualhost.com.csr

3) openssl x509 -req -days 360 -in www.virtualhost.com.csr \
        -signkey www.virtualhost.com.key -out www.virtualhost.com.crt

This command will generate your self-signed certificate, which goes in
/etc/apache/ssl.crt


Make sure you update your httpd.conf file with
SSLCertificateFile    /etc/apache/ssl.crt/www.virtualhost.com.crt
SSLCertificateKeyFile /etc/apache/ssl.key/www.virtualhost.com.key
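
Added example (not part of the original message): the three steps above as non-interactive shell functions, plus the two checks worth running before Apache is pointed at the files, namely that the key and certificate carry the same RSA modulus and that the certificate verifies as self-signed. It assumes an unencrypted 2048-bit key instead of the post's -des3 1024-bit one so that nothing prompts, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: unencrypted key (no -des3), 2048-bit RSA, subject /CN=<name>.

# make_selfsigned DIR NAME: write NAME.key, NAME.csr and NAME.crt into DIR
make_selfsigned() {
    dir=$1
    name=$2
    openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/$name.key" -subj "/CN=$name" \
        -out "$dir/$name.csr" &&
    openssl x509 -req -days 360 -in "$dir/$name.csr" \
        -signkey "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# key_matches_cert KEY CRT: succeed only if both carry the same RSA modulus.
# A mismatch here is what makes mod_ssl refuse the key/certificate pair.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# selfsigned_ok CRT: succeed if CRT verifies with itself as the trust anchor,
# i.e. its signature was made by the key it contains.
selfsigned_ok() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Usage (run from a scratch directory):
#   make_selfsigned . www.virtualhost.com &&
#   key_matches_cert www.virtualhost.com.key www.virtualhost.com.crt &&
#   selfsigned_ok www.virtualhost.com.crt && echo "pair is consistent"
```

Only the .key and .crt files go into the directories named in httpd.conf; the .csr is not needed by Apache.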


