Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The error means that openssl cannot find the server.key. Note also that the output file should have a different name.
Quote:
What FQDN shall I use on "Common Name"?
You should use the FQDN of the server where you're going to use the certificate. I.e if it's a web server known as www.domain.com you should use "www.domain.com" as FQDN. If you're using a dns server, there is no need to specify FQDN in /etc/hosts/
You should use the FQDN of the server where you're going to use the certificate. I.e if it's a web server known as www.domain.com you should use "www.domain.com" as FQDN. If you're using a dns server, there is no need to specify FQDN in /etc/hosts/
hostname is "arch.satimis.com"
On browser both "satimis.com" and "www.satimis.com" works which of them shall I put.
satimis.com is not a fqdn, www.satimis.com is, so don't use the former. Which of the others to use will depend a bit on the use. If you are wanting to set up ssl for www.satimis.com, use that and you'll get fewer questions from browsers.
Last edited by billymayday; 02-23-2008 at 07:37 PM.
to proceed and encountered this problem unable to find "server.key" file.
I'll go through your link and start again.
Quote:
satimis.com is not a fqdn, www.satimis.com is, so don't use the former. Which of the others to use will depend a bit on the use. If you are wanting to set up ssl for www.satimis.com, use that and you'll get fewer questions from browsers.
For fqdn you must use the name that your server will be known to the public, else you're going to have security warnings: "Unable to verify the identity of server blah.domain.com as a trusted site..."
Then run the 2nd command to remove passphrase:
For fqdn you must use the name that your server will be known to the public, else you're going to have security warnings: "Unable to verify the identity of server blah.domain.com as a trusted site..."
What you've done with the above is to give 127.0.0.1 (by default known as localhost) the name arch.satimis.com. This is not a good idea. Mind that /etc/hosts is only used by your box. A client that is not on your box, when asks for your host will use either his /etc/hosts or a dns server, so your fqdn must resolve to an IP address xx.xx.xx.xx other that 127.0.0.1. I suggest you to use something like the following for your box:
Code:
127.0.0.1 localhost
xx.xx.xx.xx arch.satimis.com
and make sure that your box's IP resolves to the fqdn you;re going to use, so your clients will not get any warnings about hostname missmatches.
Quote:
Then run the 2nd command to remove passphrase:
Code:
Could you please explain "server-no-pass.key"? Whether run the 2nd command exactly as above? TIA
The above command uses the file server.key as input and gives the file server-no-pass.key as output (i.e. the same key but with the passphrase removed). You can then rename the file server-no-pass.key to whatever you want.
Read openssl howto for more details and specially this paragraph that explains how to create a self-signe certificate.
What you've done with the above is to give 127.0.0.1 (by default known as localhost) the name arch.satimis.com. This is not a good idea. Mind that /etc/hosts is only used by your box. A client that is not on your box, when asks for your host will use either his /etc/hosts or a dns server, so your fqdn must resolve to an IP address xx.xx.xx.xx other that 127.0.0.1. I suggest you to use something like the following for your box:
Code:
127.0.0.1 localhost
xx.xx.xx.xx arch.satimis.com
and make sure that your box's IP resolves to the fqdn you;re going to use, so your clients will not get any warnings about hostname missmatches.
The above command uses the file server.key as input and gives the file server-no-pass.key as output (i.e. the same key but with the passphrase removed). You can then rename the file server-no-pass.key to whatever you want.
Read openssl howto for more details and specially this paragraph that explains how to create a self-signe certificate.
Password:
Generating a 1024 bit RSA private key
...++++++
.++++++
writing new private key to 'server.key'
Enter PEM pass phrase:
...
....
Common Name (eg, YOUR name) []:arch.satimis.com
Email Address []:sms@satimis.com
satimis@arch /etc/ssl/certs/ $
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
