LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-07-2006, 04:08 PM   #1
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedore Core 3
Posts: 138

Rep: Reputation: 15
Need help: SSL an Apache


Hi everybody!

I think I have ssl implmentation fo httpd on my linuxbox (Fedora Core 3, by the way). But Im having some problems on undestanding the basics.

I found a folder in /usr/share/ssl that contains this tree:

Code:
drwx------  3 root root 4096 Oct 11  2005 CA
lrwxrwxrwx  1 root root   19 Jul  7 01:30 cert.pem -> certs/ca-bundle.crt
drwxr-xr-x  2 root root 4096 Jul  7 15:48 certs
drwxr-xr-x  2 root root 4096 Oct 11  2005 lib
drwxr-xr-x  2 root root 4096 Jul  7 01:30 misc
-rw-r--r--  1 root root 7569 Oct 11  2005 openssl.cnf
drwxr-xr-x  2 root root 4096 Oct 11  2005 private
Inside certs I ran make and this appears on the screen:

Code:
This makefile allows you to create:
  o public/private key pairs
  o SSL certificate signing requests (CSRs)
  o self-signed SSL test certificates

To create a key pair, run "make SOMETHING.key".
To create a CSR, run "make SOMETHING.csr".
To create a test certificate, run "make SOMETHING.crt".
To create a key and a test certificate in one file, run "make SOMETHING.pem".

To create a key for use with Apache, run "make genkey".
To create a CSR for use with Apache, run "make certreq".
To create a test certificate for use with Apache, run "make testcert".

Examples:
  make server.key
  make server.csr
  make server.crt
  make stunnel.pem
  make genkey
  make certreq
  make testcert
So allright. I can make server.key, server.csr, and server.crt
In the /etc/httpd/conf folder I found these folders:

Code:
drwx------  2 root root  4096 Jun 14 13:43 ssl.crl
drwx------  2 root root  4096 Jun 14 13:43 ssl.crt
drwx------  2 root root  4096 Jul  7 12:33 ssl.csr
drwx------  2 root root  4096 Sep  5  2005 ssl.key
drwx------  2 root root  4096 Sep  5  2005 ssl.prm
So basically, do I create these files with make (server.key, server.csr and server.crt) and put them inside the respective ssl.*** folders?

I opened the 443 port to my server and it works, but a message appears and gives a message the certificate is out of date, the server name doesnt match the one on the certificate etc (there are 3 alerts)...

I run this server at home so I would like to create my own certificate so it isnt necessray to pay verisign or any other certificate authority. I want to make this both for security and for learning reasons.

Can anybody help me?
Thank you very much.
 
Old 07-07-2006, 05:49 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,598

Rep: Reputation: 1532Reputation: 1532Reputation: 1532Reputation: 1532Reputation: 1532Reputation: 1532Reputation: 1532Reputation: 1532Reputation: 1532Reputation: 1532Reputation: 1532
Quote:
To create a key for use with Apache, run "make genkey".
To create a CSR for use with Apache, run "make certreq".
To create a test certificate for use with Apache, run "make testcert".
You need just the key, and the certificate, so just run:
Code:
make genkey
make testcert
If you want to do it yourself then take a look here

Regards
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache 1.3.33 (debian built) and Apache SSL does not respond to the proper ports lqorg_user Linux - Networking 0 11-06-2005 05:11 PM
apache and apache-ssl questions merana Debian 4 03-10-2005 11:10 AM
SSL and Apache bigdogg Linux - Software 25 07-22-2004 10:24 AM
SSL and Apache jqcaducifer Linux - Networking 1 08-04-2003 08:44 AM
Apache 2.0.44 and SSL Kostko Linux - Networking 1 03-30-2003 11:48 AM


All times are GMT -5. The time now is 04:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration