LinuxQuestions.org
Old 12-18-2009, 06:26 AM   #1
cmancre
LQ Newbie
 
Registered: Dec 2009
Posts: 2

Rep: Reputation: 0
Question Use of HTTPS without requiring a certificate ?!?!!?


I'm new here so hello to everyone

I have a server running ubuntu (hardy) with apache in virtualhosts basis.

I'm connecting XML services and I was asked to enable ssl without requiring certificate. hummmmm ok!?!?!?

I read the ssl_mod documentation and the ssl mechanism works with a pair of keys - a public and a private. Certificates basically validate the public key authenticity.

All the tutorials over the internet rely on installing ssl with a self sign certificate.

Is the following possible - Create a private key and provide the second party involved with the public key and forget the certificate stuff?


what I've done by now:
- installed openssl
- add NameVirtualHost *:443 at httpd.conf
- new virtualhost
<VirtualHost *:443>
ServerName test
DocumentRoot /var/www/test
SSLEngine on
CustomLog /var/log/apache2/test-access.log combined
ErrorLog /var/log/apache2/test-error.log
</VirtualHost>


I think I need to use this directive SSLCertificateKeyFile

How can I create those keys without the certificate? Or not possible?
 
Old 12-18-2009, 06:51 AM   #2
carltm
Member
 
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 697

Rep: Reputation: 93
You're right about the keys and the certificate. A certificate file is
required to start SSL services.

If you heard it's possible to run SSL without a certificate, they probably
meant a certificate from a well known certificate authority (CA). There are
a lot of tutorials on the web that tell how to create your own CA.

If you want to do this, the first step is to set up a CA. This will give
you a set of keys and a CA certificate. Next create a certificate signing
request (CSR) which will give you a set of keys and a CSR for each webserver.
Copy the CSR to the CA and use it to create the certificate. Copy it to the
webserver and configure it as needed.
 
Old 12-18-2009, 06:53 AM   #3
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
Quote:
Originally Posted by cmancre
I'm new here so hello to everyone

I have a server running ubuntu (hardy) with apache in virtualhosts basis.

I'm connecting XML services and I was asked to enable ssl without requiring certificate. hummmmm ok!?!?!?

I read the ssl_mod documentation and the ssl mechanism works with a pair of keys - a public and a private. Certificates basically validate the public key authenticity.

All the tutorials over the internet rely on installing ssl with a self sign certificate.

Is the following possible - Create a private key and provide the second party involved with the public key and forget the certificate stuff?


what I've done by now:
- installed openssl
- add NameVirtualHost *:443 at httpd.conf
- new virtualhost
<VirtualHost *:443>
ServerName test
DocumentRoot /var/www/test
SSLEngine on
CustomLog /var/log/apache2/test-access.log combined
ErrorLog /var/log/apache2/test-error.log
</VirtualHost>


I think I need to use this directive SSLCertificateKeyFile

How can I create those keys without the certificate? Or not possible?

I think what you are after is creating a self-signed cert.


http://www.xenocafe.com/tutorials/li...ates/index.php
 
Old 12-18-2009, 07:40 AM   #4
cmancre
LQ Newbie
 
Registered: Dec 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Thumbs up

Thanks for the reply,

It's running, I already tested and it works perfectly.

References:
- https://help.ubuntu.com/8.04/serverg...-security.html
- http://www.xenocafe.com/tutorials/li...ates/index.php

Resuming (hardy ubuntu):
- install openssl

- a2enmod ssl
- generate the private key
# openssl genrsa -des3 -out server.key 1024

- remove password
# openssl rsa -in server.key -out server.key.insecure

- Certificate Signing Request (CSR)
# openssl req -new -key server.key.insecure -out server.csr

- Self sign certificate
# openssl x509 -req -days 365 -in server.csr -signkey server.key.insecure -out server.crt

- httpd.conf
add NameVirtualHost *:443

- new virtualhost
<VirtualHost *:443>
...
SSLEngine on
SSLCertificateFile PATHTO/server.crt
SSLCertificateKeyFile PATHTO/server.key.insecure
...
</VirtualHost>

- /etc/init.d/apache2 reload

- DONE

Thanks
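
The question in post #1 (handing the other party the public key directly) and the procedure summarised in post #4, as an added example that is not part of any post in this thread: it generates the self-signed pair, checks that key and certificate belong together before Apache is reloaded, and produces the SHA-256 fingerprint the other party can compare against its copy. Assumptions: a 2048-bit key, a temporary directory, and the CN `test` taken from the ServerName in the thread; the function names are made up for this example.

```shell
#!/bin/sh
# Added example; file names follow the thread, the CN "test" and temp dir are constructed.
set -eu

# Generate an unencrypted 2048-bit RSA key and a self-signed certificate in one step.
make_selfsigned() {   # $1 = output directory, $2 = CN (the ServerName)
    ( umask 077       # the key has no passphrase: owner-only permissions
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
          -keyout "$1/server.key.insecure" -out "$1/server.crt" 2>/dev/null )
}

# Public key embedded in the certificate / derived from the private key (both PEM).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }
key_pubkey()  { openssl rsa -in "$1" -pubout 2>/dev/null; }

# Succeeds only if SSLCertificateFile ($1) and SSLCertificateKeyFile ($2) belong together.
pair_matches() { [ "$(cert_pubkey "$1")" = "$(key_pubkey "$2")" ]; }

# SHA-256 fingerprint to give to the other party over a separate channel.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# What the other party does: treat its copy ($1) as the only trust anchor for $2.
peer_trusts() { openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; }

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_selfsigned "$demo_dir" test
pair_matches "$demo_dir/server.crt" "$demo_dir/server.key.insecure" \
    && echo "key matches certificate"
echo "fingerprint: $(cert_fingerprint "$demo_dir/server.crt")"
peer_trusts "$demo_dir/server.crt" "$demo_dir/server.crt" \
    && echo "peer holding a copy of server.crt accepts it"
```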
 
  


All times are GMT -5.