[SOLVED] Use of HTTPS without requiring a certificate ?!?!!?

cmancre · 12-18-2009, 05:26 AM

I'm new here so hello to everyone

I have a server running ubuntu (hardy) with apache in virtualhosts basis.

I'm connecting XML services and I was asked to enable ssl without requiring certificate. hummmmm ok!?!?!?

I read the ssl_mod documentation and the ssl mechanism works with a pair of keys - a public and a private. Certificates basically validate the public key authenticity.

All the tutorials over the internet rely on installing ssl with a self sign certificate.

Is the following possible - Create a private key and provide the second party involved with the public key and forget the certificate stuff?

what I've done by now:
- installed openssl
- add NameVirtualHost *:443 at httpd.conf
- new virtualhost
<VirtualHost *:443>
ServerName test
DocumentRoot /var/www/test
SSLEngine on
CustomLog /var/log/apache2/test-access.log combined
ErrorLog /var/log/apache2/test-error.log
</VirtualHost>

I think I need to use this directive SSLCertificateKeyFile

How can I create those keys without the certificate? Or not possible?

carltm · 12-18-2009, 05:51 AM

You're right about the keys and the certificate. A certificate file is
required to start SSL services.

If you heard it's possible to run SSL without a certificate, they probably
meant a certificate from a well known certificate authority (CA). There are
a lot of tutorials on the web that tell how to create your own CA.

If you want to do this, the first step is to set up a CA. This will give
you a set of keys and a CA certificate. Next create a certificate signing
request (CSR) which will give you a set of keys and a CSR for each webserver.
Copy the CSR to the CA and use it to create the certifcate. Copy it to the
webserver and configure it as needed.

centosboy · 12-18-2009, 05:53 AM

Quote:

Originally Posted by cmancre

I'm new here so hello to everyone

I have a server running ubuntu (hardy) with apache in virtualhosts basis.

I'm connecting XML services and I was asked to enable ssl without requiring certificate. hummmmm ok!?!?!?

I read the ssl_mod documentation and the ssl mechanism works with a pair of keys - a public and a private. Certificates basically validate the public key authenticity.

All the tutorials over the internet rely on installing ssl with a self sign certificate.

Is the following possible - Create a private key and provide the second party involved with the public key and forget the certificate stuff?

what I've done by now:
- installed openssl
- add NameVirtualHost *:443 at httpd.conf
- new virtualhost
<VirtualHost *:443>
ServerName test
DocumentRoot /var/www/test
SSLEngine on
CustomLog /var/log/apache2/test-access.log combined
ErrorLog /var/log/apache2/test-error.log
</VirtualHost>

I think I need to use this directive SSLCertificateKeyFile

How can I create those keys without the certificate? Or not possible?

i think what you are after is creeating a self signed cert..

http://www.xenocafe.com/tutorials/li...ates/index.php

cmancre · 12-18-2009, 06:40 AM

Thanks for the reply,

Its running, I already tested and it works perfectly.

References:
- https://help.ubuntu.com/8.04/serverg...-security.html
- http://www.xenocafe.com/tutorials/li...ates/index.php

Resuming (hardy ubuntu):
- install openssl

- a2enmod ssl
- generate the private key
# openssl genrsa -des3 -out server.key 1024

- remove password
# openssl rsa -in server.key -out server.key.insecure

- Certificate Signing Request (CSR)
# openssl req -new -key server.key.insecure -out server.csr

- Self sign certificate
# openssl x509 -req -days 365 -in server.csr -signkey server.key.insecure

- http.conf
add NameVirtualHost *:443

- new virtaulhost
<VirtualHost *:443>
...
SSLEngine on
SSLCertificateFile PATHTO/server.crt
SSLCertificateKeyFile PATHTO/server.key.insecure
...
</VirtualHost>

- /etc/init.d/apache2 reload

- DONE

Thanks