LinuxQuestions.org
Old 11-24-2005, 06:15 PM   #1
STEBEL
LQ Newbie
 
Registered: Aug 2003
Location: Lodz, POLAND
Posts: 4

Rep: Reputation: 0
apache2 + mod-ssl keeps loading the default localhost.xxxxxx cert


Hi

I need to secure my site with an SSL connection.

What I did:

run: openssl genrsa -des3 -out Server'sIP.key 1024
run: openssl req -new -key Server'sIP.key -x509 -out Server'sIP.crt
run: openssl req -new -key Server'sIP.key -out Server'sIP.csr

moved *.key file from /etc/httpd/conf to /etc/httpd/conf/ssl.key/
moved *.crt file from /etc/httpd/conf to /etc/httpd/conf/ssl.crt/

added:
<IfDefine HAVE_SSL>
<VirtualHost Server'sIP:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/Server'sIP.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/Server'sIP.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>

restarted apache.

When accessing the site from another host, it keeps loading some default localhost.oxsomething cert.

The distro is Mandrake 10.1, Apache 2.0.50

What am I missing?
Thanks for any advice
 
Old 11-25-2005, 03:14 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,962

Rep: Reputation: 1341
You must first create the CSR and then use it to create the key. You must set up a CA if you haven't done it already. Read this for details.
 
Old 11-25-2005, 01:35 PM   #3
STEBEL
LQ Newbie
 
Registered: Aug 2003
Location: Lodz, POLAND
Posts: 4

Original Poster
Rep: Reputation: 0
Hi and thanks for replying

Currently the certs I prepare are damaged as the browser says...


Tried to use the tutorial you provided, however I am getting an error at this step
Code:
openssl ca -policy policy_anything -out new.crt -infiles new.csr
some error in a .c file...

However, I tried the instructions at this site

which were:
Create CA:
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Create cert:
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr

Signed cert with CA
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

What can be wrong now?
Do the answers I provide to questions about OU and other names depend on my IP?

Thanks
 
Old 11-26-2005, 08:49 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,962

Rep: Reputation: 1341
Quote:
Do the answers I provide to questions about OU and other names depend on my IP?
They don't really matter. The only question you have to answer correctly (and that in the case you buy a real certificate from a trusted CA such as Verisign) is the question about the common name (that is, the name of your secure server).
What do you mean that your browser says about damaged certificates? Does the browser prompt you to accept the cert?
Take a look at the apache error_log and ssl_engine logs to see if you find out something useful.
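
The CA-then-sign sequence from post #3, made non-interactive with -subj and followed by the checks that separate a usable key/cert pair from a broken one (key matches cert, chain verifies, CN names the host, served cert equals the file on disk). This is an added example, not part of the thread: the host name www.example.test, the subject fields and the function names are assumptions, and keys are 2048-bit without -des3 so it runs unattended.

```shell
#!/bin/sh
# Added example; every name below is constructed for illustration.
HOST=www.example.test   # assumed server name: the CN must be what clients type

make_pair() (           # $1 = work dir; writes ca.* and server.* there
    cd "$1" || exit 1
    # CA key and self-signed CA cert (2048 bits and no -des3, so this runs
    # unattended; a -des3 key makes Apache ask for the passphrase at startup)
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
        -subj "/O=Example Test/CN=Example Test CA" &&
    # Server key and CSR; the subject must differ from the CA's subject,
    # otherwise the signed cert looks self-signed and fails verification
    openssl genrsa -out server.key 2048 2>/dev/null &&
    openssl req -new -key server.key -out server.csr \
        -subj "/O=Example Test/CN=$HOST" &&
    openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
        -set_serial 01 -out server.crt 2>/dev/null
)

key_matches_cert() {    # $1 = cert, $2 = key: same RSA modulus?
    m=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    [ -n "$m" ] && [ "$m" = "$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)" ]
}

signed_by() {           # $1 = cert, $2 = CA cert: does the chain verify?
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

cert_names_host() {     # $1 = cert, $2 = host expected as the subject CN
    openssl x509 -noout -subject -in "$1" 2>/dev/null | grep -q "CN *= *$2\$"
}

same_cert() {           # $1, $2 = cert files: identical SHA-256 fingerprint?
    # To test a live server, save what it serves first, e.g.
    #   openssl s_client -connect HOST:443 </dev/null | openssl x509 -out served.crt
    a=$(openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null) || return 1
    [ "$a" = "$(openssl x509 -noout -fingerprint -sha256 -in "$2" 2>/dev/null)" ]
}

work=$(mktemp -d) && make_pair "$work" &&
    key_matches_cert "$work/server.crt" "$work/server.key" &&
    signed_by "$work/server.crt" "$work/ca.crt" &&
    cert_names_host "$work/server.crt" "$HOST" &&
    echo "certificate pair in $work passes all checks"
```

If same_cert reports a mismatch between the saved served.crt and the file named in SSLCertificateFile, the server is answering from a different certificate than the one configured in that VirtualHost.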
 
  


All times are GMT -5.