LinuxQuestions.org


STEBEL 11-24-2005 05:15 PM

apache2 + mod-ssl keeps loading the default localhost.xxxxxx cert
 
Hi

I need to secure my site with an SSL connection.

What I did:

run: openssl genrsa -des3 -out Server'sIP.key 1024
run: openssl req -new -key Server'sIP.key -x509 -out Server'sIP.crt
run: openssl req -new -key Server'sIP.key -out Server'sIP.csr

moved *.key file from /etc/httpd/conf to /etc/httpd/conf/ssl.key/
moved *.crt file from /etc/httpd/conf to /etc/httpd/conf/ssl.crt/

added :
<IfDefine HAVE_SSL>
<VirtualHost Server'sIP:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/Server'sIP.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/Server'sIP.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>

restarted apache.

When accessing the site from another host, it keeps loading some default localhost.oxsomething cert.

The distro is Mandrake 10.1, Apache 2.0.50.

What am I missing?
Thanks for any advice :)

bathory 11-25-2005 02:14 AM

You must first create the CSR and then use it to create the key. You must set up a CA if you haven't done so already. Read this for details.

STEBEL 11-25-2005 12:35 PM

Hi and thanks for replying

Currently the certs I prepare are damaged as the browser says...


I tried to use the tutorial you provided, however I am getting an error at this step:
Code:

openssl ca -policy policy_anything -out new.crt -infiles new.csr
some error in a .c file...

however tried instructions at this site

which were:
Create CA :
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Create cert :
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr

Signed cert with CA
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

What can be wrong now?
Do the answers I provide to the questions about OU and other names depend on my IP?

Thanks

bathory 11-26-2005 07:49 AM

Quote:

Do the answers I provide to the questions about OU and other names depend on my IP?
They don't really matter. The only question you have to answer correctly (and that in the case you buy a real certificate from a trusted CA such as Verisign) is the question about the common name (that is, the name of your secure server).
What do you mean when you say your browser says the certificates are damaged? Does the browser prompt you to accept the cert?
Take a look at the apache error_log and ssl_engine logs to see if you can find something useful.
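
The CA and server-certificate steps quoted in the thread, made non-interactive, followed by three checks worth running before pointing SSLCertificateFile and SSLCertificateKeyFile at the result: chain to the CA, key/certificate match, and Common Name. This is an added example, not part of the original posts; the subject names are constructed, and the keys are 2048-bit and unencrypted (no -des3) so the script runs unattended.

```shell
#!/bin/sh
# Added example; every name below is constructed for illustration.
set -eu

CA_SUBJ="/O=Example Test CA/CN=Example Test Root"   # constructed CA name
SRV_CN="www.example.test"                           # constructed server name

# Build a throwaway CA and a server certificate signed by it in directory $1.
# The CA and server subjects differ on purpose: identical names make the
# signed certificate look self-signed and chain verification fails.
make_pki() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key "$d/ca.key" -subj "$CA_SUBJ" -out "$d/ca.crt"
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "/CN=$SRV_CN" -out "$d/server.csr"
    openssl x509 -req -days 365 -in "$d/server.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -set_serial 01 -out "$d/server.crt" 2>/dev/null
}

# Succeeds only if certificate $2 verifies against CA certificate $1.
cert_chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds only if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Prints the subject Common Name of certificate $1 (simple names only:
# a comma inside a name component would need real RFC 2253 parsing).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -e 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_pki "$work"
if cert_chains_to "$work/ca.crt" "$work/server.crt"; then echo "chain: OK"; fi
if key_matches_cert "$work/server.key" "$work/server.crt"; then echo "key/cert: match"; fi
echo "CN: $(cert_cn "$work/server.crt")"
```

The same three functions can be pointed at the files named in the VirtualHost block to confirm they are the pair that was just generated.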

