LinuxQuestions.org
Old 06-25-2004, 12:28 AM   #1
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 932

Rep: Reputation: 32
Apache SSL


Hi all

Can anyone point me towards a fairly easy tutorial on Apache SSL?

Something where it's going to show me step by step, please.

What are the first steps to get SSL to work?

TT
 
Old 06-25-2004, 12:34 AM   #2
Demonbane
Guru
 
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796

Rep: Reputation: 47
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html
I thought most distros would have it enabled by default.
For your reference, this is the config file for mod_ssl that came with my distro's Apache installation:

Code:
<IfDefine SSL>
  <IfModule !mod_ssl.c>
    LoadModule ssl_module    extramodules/mod_ssl.so
  </IfModule>
</IfDefine>

<IfModule mod_ssl.c>

#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these 
# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
#
#   For the moment, see <URL:http://www.modssl.org/docs/> for this info. 
#   The documents are still being prepared from material donated by the
#   modssl project.
# 
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#

#   Until documentation is completed, please check http://www.modssl.org/
#   for additional config examples and module documentation.  Directives
#   and features of mod_ssl are largely unchanged from the mod_ssl project
#   for Apache 1.3.

#
# When we also provide SSL we have to listen to the 
# standard HTTP port (see above) and to the HTTPS port
#

Listen 443

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#

<IfModule mod_mime.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfModule>

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.

SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
#SSLSessionCache        dbm:logs/ssl_scache
SSLSessionCache         shm:logs/ssl_scache(128000)

SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 

SSLMutex  file:logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the 
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512


</IfModule>

Last edited by Demonbane; 06-25-2004 at 12:35 AM.
 
Old 06-25-2004, 12:42 AM   #3
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 932

Original Poster
Rep: Reputation: 32
Thanks

That's what I'm looking for. As you said (I thought most distros would have it enabled by default).

I want to find out if it's installed and running, etc. If not, what steps are taken to get it going?



TT
 
Old 06-25-2004, 12:48 AM   #4
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 932

Original Poster
Rep: Reputation: 32
I think I found it.

Would I add the VirtualHost in the ssl.conf ( /etc/httpd/conf.d/ )

or in the httpd file itself? ( /etc/httpd/conf/httpd.conf )

Then open the port up. Seems to be all there.

TT
 
Old 06-25-2004, 12:53 AM   #5
Demonbane
Guru
 
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796

Rep: Reputation: 47
Doesn't really matter, just put it in ssl.conf.
 
Old 06-25-2004, 12:56 AM   #6
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 932

Original Poster
Rep: Reputation: 32
Cool

I am looking through the httpd file and I don't see mod_ssl there. Is there any particular area it sits?

Code:
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so

#
 
Old 06-25-2004, 01:10 AM   #7
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 932

Original Poster
Rep: Reputation: 32
I take it that the VirtualHost code in the ssl.conf is all one VirtualHost like below,
so I would have to create the same thing, but only change the server name?

TT

[CODE]
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#

LoadModule ssl_module modules/mod_ssl.so

# Until documentation is completed, please check http://www.modssl.org/
# for additional config examples and module documentation. Directives
# and features of mod_ssl are largely unchanged from the mod_ssl project
# for Apache 1.3.

#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
Listen 443

##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##

#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache dbm:/var/cache/mod_ssl/scache(512000)
#SSLSessionCache dc:UNIX/var/cache/mod_ssl/distcache
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex default

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443

# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate' under
# built time. Keep in mind that if you've both a RSA and a DSA
# certificate you can configure both in parallel (to also allow
# the use of DSA ciphers, etc.)
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
#SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/httpd/conf/ssl.crt
#SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt

# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/httpd/conf/ssl.crl
#SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl

# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10

# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
[/CODE]

Last edited by tommytomato; 06-25-2004 at 01:12 AM.
 
Old 06-25-2004, 01:16 AM   #8
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 932

Original Poster
Rep: Reputation: 32
Well, I tried and got the following error:

Code:
Starting httpd: Syntax error on line 411 of /etc/httpd/conf.d/ssl.conf:
Expected </VirtualHost:443> but saw </VirtualHost>
TT
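
httpd reports this error when a section's closing tag does not match the name it read from the opening tag; expecting `</VirtualHost:443>` is consistent with an opening tag typed without a space, such as `<VirtualHost:443>` (an assumption, since the offending line is not shown in the thread). The script below is an added example, not part of the original posts: it checks that container tags pair up, and the two sample files and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an httpd config for container tags that do not pair up.

# check_sections FILE: print one line per mismatch; exit status 1 if any found.
check_sections() {
    awk '
    /^[ \t]*#/ { next }                 # comment line
    /^[ \t]*$/ { next }                 # blank line
    /^[ \t]*<\// {                      # closing tag, e.g. </VirtualHost>
        name = $0
        sub(/^[ \t]*<\//, "", name); sub(/[ \t]*>.*$/, "", name)
        if (depth == 0) {
            printf "line %d: </%s> has no open section\n", NR, name
            bad = 1; next
        }
        # Directive names are case-insensitive in httpd.
        if (tolower(name) != tolower(stack[depth])) {
            printf "line %d: expected </%s> but saw </%s> (opened on line %d)\n", NR, stack[depth], name, line[depth]
            bad = 1
        }
        depth--
        next
    }
    /^[ \t]*</ {                        # opening tag
        # The section name is everything up to the first blank or ">",
        # so "<VirtualHost:443>" yields the name "VirtualHost:443".
        name = $0
        sub(/^[ \t]*</, "", name); sub(/[ \t>].*$/, "", name)
        stack[++depth] = name; line[depth] = NR
        next
    }
    END {
        while (depth > 0) {
            printf "line %d: <%s> is never closed\n", line[depth], stack[depth]
            depth--; bad = 1
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: no space between "VirtualHost" and the address.
write_bad_sample() {
    cat > "$1" <<'EOF'
Listen 443
<VirtualHost:443>
    ServerName www.example.com:443
    SSLEngine on
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
EOF
}

# Constructed sample: same block with a well-formed opening tag.
write_good_sample() {
    cat > "$1" <<'EOF'
Listen 443
<VirtualHost _default_:443>
    ServerName www.example.com:443
    SSLEngine on
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_bad_sample "$tmp/bad.conf"
    write_good_sample "$tmp/good.conf"
    echo "bad.conf:";  check_sections "$tmp/bad.conf"  || echo "  -> fix before restarting httpd"
    echo "good.conf:"; check_sections "$tmp/good.conf" && echo "  -> sections balance"
    rm -rf "$tmp"
}
demo
```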
 
Old 06-25-2004, 01:24 AM   #9
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 932

Original Poster
Rep: Reputation: 32
Well, I'm doing my homework.

It's up my end.

Does it work your end?

https://shop.rockinghamgateway.com/

The cert shows me errors. Is that normal?

TT
 
Old 06-25-2004, 02:05 AM   #10
SBing
Member
 
Registered: Mar 2004
Posts: 519

Rep: Reputation: 35
Yeh, the encryption is fine, but unless you pay for a certificate you're gonna get certificate errors - this is because it's signed by you, not by some independent company like Verisign(?). But I wouldn't bother forking out for a certificate unless it's necessary :)

Steve
 
Old 06-25-2004, 02:22 AM   #11
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 932

Original Poster
Rep: Reputation: 32
From what I'm reading, it's saying I can create my own certs. Is this correct?

At this stage I'm trying to create my own cert, but I get a bunch of errors like so:

Code:
openssl verify server.crt
Error opening certificate file server.crt
4904:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('server.crt','r')
4904:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
I'm a little lost, but I'm giving it a go.

TT
 
Old 06-25-2004, 03:11 AM   #12
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 932

Original Poster
Rep: Reputation: 32
I seem to be getting somewhere, but I am unsure what I have done.
Do I need to edit any other files? To show what I've done.

It's created newreq.pem and a folder called demoCA within /usr/share/ssl/misc
I have been following this page
http://www.linux-sxs.org/internet_se...ENSSL_TEMPLATE

Code:
[root@rockinghamgateway misc]# ./CA -newca
mkdir: cannot create directory `./demoCA': File exists
mkdir: cannot create directory `./demoCA/certs': File exists
mkdir: cannot create directory `./demoCA/crl': File exists
mkdir: cannot create directory `./demoCA/newcerts': File exists
mkdir: cannot create directory `./demoCA/private': File exists
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
..................................................++++++
....................++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:AU
State or Province Name (full name) [Berkshire]:Western Australia
Locality Name (eg, city) [Newbury]:Perth
Organization Name (eg, company) [My Company Ltd]:rockinghamgateway.com
Organizational Unit Name (eg, section) []:rockinghamgateway.com
Common Name (eg, your name or your server's hostname) []:rockinghamgateway.com
Email Address []:webmaster@rockinghamgateway.com
[root@rockinghamgateway misc]# ./CA -newreq
Generating a 1024 bit RSA private key
......++++++
.................++++++
writing new private key to 'newreq.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:AU
State or Province Name (full name) [Berkshire]:Western Australia
Locality Name (eg, city) [Newbury]:Perth
Organization Name (eg, company) [My Company Ltd]:rockinghamgateway.com
Organizational Unit Name (eg, section) []:rockinghamgateway.com
Common Name (eg, your name or your server's hostname) []:rockinghamgateway.com
Email Address []:webmaster@rockinghamgateway.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:my_pass
An optional company name []:
Request (and private key) is in newreq.pem
[root@rockinghamgateway misc]# ./CA -sign
Using configuration from /usr/share/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jun 25 08:10:17 2004 GMT
            Not After : Jun 25 08:10:17 2005 GMT
        Subject:
            countryName               = AU
            stateOrProvinceName       = Western Australia
            localityName              = Perth
            organizationName          = rockinghamgateway.com
            organizationalUnitName    = rockinghamgateway.com
            commonName                = rockinghamgateway.com
            emailAddress              = webmaster@rockinghamgateway.com
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Comment:
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
            17:14:42:CE:B5:B9:D3:24:34:F1:7E:FE:AC:27:4C:1A:8A:91:AD:7F
            X509v3 Authority Key Identifier:
            keyid:3F:2F:27:70:FE:32:C3:EC:8B:47:B0:5A:53:10:99:27:9A:36:4F:1A
            DirName:/C=AU/ST=Western Australia/L=Perth/O=rockinghamgateway.com/OU=rockinghamgateway.com/CN=rockinghamgateway.com/emailAddress=webmaster@rockinghamgateway.com
            serial:00

Certificate is to be certified until Jun 25 08:10:17 2005 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=AU, ST=Western Australia, L=Perth, O=rockinghamgateway.com, OU=rockinghamgateway.com, CN=rockinghamgateway.com/emailAddress=webmaster@rockinghamgateway.com
        Validity
            Not Before: Jun 25 08:10:17 2004 GMT
            Not After : Jun 25 08:10:17 2005 GMT
        Subject: C=AU, ST=Western Australia, L=Perth, O=rockinghamgateway.com, OU=rockinghamgateway.com, CN=rockinghamgateway.com/emailAddress=webmaster@rockinghamgateway.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:d2:3d:d0:51:8f:d5:22:e6:fa:4f:9c:db:be:56:
                    08:ca:1a:47:90:9b:37:4a:c2:a7:c6:fc:4d:c9:cc:
                    7a:b4:db:41:e1:16:14:da:7b:ba:88:22:e8:91:83:
                    fb:a9:92:01:9f:ff:02:2f:25:16:23:c7:e3:65:be:
                    59:34:91:76:43:1b:13:a9:57:b5:17:eb:93:b3:fa:
                    eb:8e:c8:38:de:15:34:82:10:bd:05:08:31:31:fb:
                    cb:95:4e:b9:95:11:ad:b3:88:4e:7c:1c:4e:39:b7:
                    fe:4c:bb:c5:f2:9e:ac:77:f3:4b:76:4c:e6:8d:08:
                    e0:29:5c:e1:99:ab:e8:c6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Comment:
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
            17:14:42:CE:B5:B9:D3:24:34:F1:7E:FE:AC:27:4C:1A:8A:91:AD:7F
            X509v3 Authority Key Identifier:
            keyid:3F:2F:27:70:FE:32:C3:EC:8B:47:B0:5A:53:10:99:27:9A:36:4F:1A
            DirName:/C=AU/ST=Western Australia/L=Perth/O=rockinghamgateway.com/OU=rockinghamgateway.com/CN=rockinghamgateway.com/emailAddress=webmaster@rockinghamgateway.com
            serial:00

    Signature Algorithm: md5WithRSAEncryption
        73:d0:fb:6c:1d:2c:2e:09:f4:fd:d0:c6:b4:6a:69:3c:3f:14:
        6c:2c:72:5c:0b:49:f0:eb:de:a1:12:df:c9:cb:49:70:3f:86:
        d3:87:b9:96:1a:f3:fe:99:ab:7b:f4:4d:42:81:e5:06:1a:3e:
        9d:08:fb:81:24:2e:26:5c:21:73:9a:c7:70:d7:04:e3:02:dc:
        d2:08:22:60:a4:d2:74:47:74:5b:5f:8e:18:3b:d1:19:fe:97:
        f2:e4:ba:2d:44:bb:46:8e:ad:a3:7e:24:83:63:a3:10:6e:ee:
        cd:c1:9c:71:6f:00:c0:71:89:61:96:7b:fd:3f:0b:b1:a1:e8:
        57:92
Signed certificate is in newcert.pem
[root@rockinghamgateway misc]#
TT
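
The steps run through `CA -newca`, `-newreq` and `-sign` above, done with plain `openssl` commands as an added example that is not part of the original posts. It uses 2048-bit keys and SHA-256 rather than the 1024-bit/MD5 values in the output above, then runs the `openssl verify` check attempted earlier in the thread against the new CA and confirms that the key matches the certificate. The names `Example Test CA` and `www.example.com`, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: private CA -> server certificate -> verification.
# All subject names and file names here are constructed.

# make_ca DIR: self-signed CA key and certificate (the "CA -newca" step).
make_ca() {
    ( umask 077   # keys are written unencrypted (-nodes): keep them owner-only
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/O=Example Org/CN=Example Test CA" \
          -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null )
}

# issue_cert DIR CN: server key and request ("CA -newreq"),
# then sign the request with the CA ("CA -sign").
issue_cert() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/O=Example Org/CN=$2" \
          -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
      openssl x509 -req -sha256 -days 365 -in "$1/server.csr" \
          -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
          -out "$1/server.crt" 2>/dev/null )
}

# verify_with_ca DIR: succeeds only if server.crt chains to our CA.
verify_with_ca() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# verify_default DIR: the same check against the system trust store only,
# which is the position a browser is in when it has never seen our CA.
verify_default() {
    openssl verify "$1/server.crt" >/dev/null 2>&1
}

# key_matches_cert DIR: the file given to SSLCertificateKeyFile must hold
# the private half of the public key inside the certificate.
key_matches_cert() {
    [ "$(openssl x509 -in "$1/server.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/server.key" -pubout)" ]
}

# sig_alg DIR: signature algorithm recorded in the certificate.
sig_alg() {
    openssl x509 -in "$1/server.crt" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && issue_cert "$d" www.example.com || { rm -rf "$d"; return 1; }
    verify_with_ca "$d"   && echo "chains to our CA: yes"
    verify_default "$d"   || echo "trusted by default store: no (clients will warn)"
    key_matches_cert "$d" && echo "key matches certificate: yes"
    echo "signature algorithm: $(sig_alg "$d")"
    rm -rf "$d"
}
demo
```

`openssl verify` needs the path to a file that exists; a bare `server.crt` is resolved against the current directory.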
 
  


All times are GMT -5.