LinuxQuestions.org
07-08-2004, 09:02 PM   #1
lazlow69
Member
 
Registered: Jan 2003
Location: Central New Jersey
Distribution: Knoppix to play, Slack current, OpenBSD stables
Posts: 111

OpenBSD 3.5 - openssl key creation tutorial for apache


Hello folks.
I've created a brief synopsis of how to create ssl keys, create a certificate request key and self-sign the key so you can have high level ssl server options for apache. I hope you get something from them, and please reply with errors or additions you have, and I'd be glad to create a nice simple doc to spread around.

--- begin info ---

#
# Notes on getting an openssl setup for apache on an OpenBSD 3.5 box.
# Info originally learned in and adapted from the fine book:
# "Secure Architectures with OpenBSD"
# by Brandon Palmer and Jose Nazario
# It's remarkable how easy it can be!
# Please read through once to understand the steps, then proceed.
#
#Good Luck!

#The following commands are run by root: (read through once!)

#generate strong encryption private key
openssl genrsa -out /etc/ssl/private/server.key 2048

#If you put a passphrase on this, you must enter it each time the machine
#reboots or reads the key I believe. OpenBSD leaves /etc/ssl/private as 700
#so the files should be safe without password...

#Create certificate request key (can be then submitted to verisign, or self signed as shown next)
openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr

#After running this command, you are prompted for information.
#Fill in information as verbosely as you see fit.
#A legit email address might be helpful!


#Explore verisign.com or similar for details on submitting your .csr file.
#***note*** - http://www.cacert.org/ can be an interesting read for free certification.
#Read on for a self-signed key!


#To create a self-signed key for internal or small use:
openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \
-signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt

#Edit your /etc/rc.conf file to change:
httpd_flags="" # to
httpd_flags="-DSSL" # (as comment in file suggests)

#reboot

#enjoy

-- end --
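
Added example, not part of the original post: a POSIX shell sketch that reruns the three openssl commands above in a scratch directory and then checks what is worth confirming before pointing httpd at the files: the key belongs to the certificate, the key file is not group/world accessible, and the certificate is not about to expire. The `-subj` value, the scratch directory and the function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example: function names, -subj value and scratch dir are assumptions.

# Run the post's three commands non-interactively inside directory $1.
make_selfsigned() (
  umask 077                      # key must never be group/world readable
  cd "$1" || exit 1
  openssl genrsa -out server.key 2048 2>/dev/null &&
  openssl req -new -key server.key -out server.csr \
    -subj "/CN=www.example.test" 2>/dev/null &&
  openssl x509 -req -days 365 -in server.csr \
    -signkey server.key -out server.crt 2>/dev/null
)

# True when private key $1 and certificate $2 share the same RSA modulus.
key_matches_cert() {
  k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when file $1 grants no permissions to group or other.
key_perms_ok() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when certificate $1 is still valid $2 seconds from now.
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Demo in a throwaway directory; the real files live under /etc/ssl.
if command -v openssl >/dev/null 2>&1; then
  d=$(mktemp -d) && make_selfsigned "$d" &&
    key_matches_cert "$d/server.key" "$d/server.crt" &&
    key_perms_ok "$d/server.key" &&
    cert_valid_for "$d/server.crt" 2592000 &&   # 30 days
    echo "key/cert match, key is private, cert valid for 30+ days"
  rm -rf "$d"
fi
```

Against the real files, the same functions take `/etc/ssl/private/server.key` and `/etc/ssl/server.crt` as arguments and need root to read the key.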
 
07-10-2004, 03:18 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Could someone please try this and confirm that it works? I'd do it myself, but I don't have the time. I'll sticky it once I get someone to confirm that it's useful.
 
07-10-2004, 11:46 AM   #3
lazlow69
Member
 
Registered: Jan 2003
Location: Central New Jersey
Distribution: Knoppix to play, Slack current, OpenBSD stables
Posts: 111

Original Poster
chort,

It worked for me! hehe. Seriously though, I understand what you mean about getting someone to verify, so I hope someone can make some use of this and perhaps it can act as a clean simple intro for people trying to get https services running on their boxen.


Also: I typed this thing up through a PuTTY terminal in pico on the box, and it looked good there, but now that it's formatted for post, the wrap on some of the lines is quite ugly and perhaps even leads to some confusion. Any suggestions for creating simple docs like these so they look good in most to all viewing environments? I'd be glad to write these docs up entirely in a console if that would ensure a good looking end result.
 
  


All times are GMT -5.