Norm, thanks for answering. I am still struggling to get this thing working. I had
read an reread the FAQs and tried the manual generation of certificate but I always
get the same type of errors. I redid all with openSSL 0.9.4 with the same results. One
question I need to ask is
the FQDN that I used in the Common-name for the server key
should it be the same as the Certificate Authority field during the generation of the
ca.crt. When I make them the same it generates an error. If I try to use the resulting
keys the engine_log show the folowing entries.
SEEDING PRNG with 0 bytes of entropy
if I use the demo snake oil I get
SEEDING PRNG with 0 bytes of entropy
Altought it may sound starnge is it possible to generate a key on a platform A and use
it on platform B. If so can someone generate a self-signed key (non-des3) for testing
purposes for
1. Country Name (2 letter code) [XY]:ca
2. State or Province Name (full name) [Snake Desert]:quebec
3. Locality Name (eg, city) [Snake Town]:montreal
4. Organization Name (eg, company) [Snake Oil, Ltd]:ETS
5. Organizational Unit Name (eg, section) [Certificate Authority]:ELE
6. Common Name (eg, CA name) [Snake Oil CA]:intra.ele.etsmtl.ca
7. Email Address (eg, name@FQDN) [[EMAIL PROTECTED]]:[EMAIL PROTECTED]
8. Certificate Validity (days) [365]:
Thanks a lot.
Stéphane
-----Message d'origine-----
De : Norm Tee [mailto:[EMAIL PROTECTED]]
Envoyé : Friday, March 31, 2000 5:33 PM
À : [EMAIL PROTECTED]
Objet : self signed keys.
Hi there,
Yes I had the same problem too. Make sure you read about the PRNG problem
(posuedo random number generator)..
I followed his manual steps using openssl to generate the CA and the Server
key (dont use make certificate TYPE=custom).
Goto http://www.modssl.org/docs/2.6/ssl_faq.html#ToC28
I installed these manually. I know a pain, but that was the only way I
could get to work. If you use OPENSSL-0.9.4 this wont happen.
Regards.
Norm.
---------------------------------------------------------------
>Dear all,
>
> I have been trying to generate permanent self-signed keys without success for
>the last 2 >days. I have monitored this discussion group and read the FAQ's but still
>have the same questions/problem.
> I got apache_1.3.12 + php 3.0.12 + mond_ssl_2.6.2 + opensss-0.9.5 + mysql running on
>Solaris >2.7. Everything seems to be working after a few fine tuning during the build
>process (eg:
>removing -I/usr/include, adding RANDFIL = /bigused.file ).
>All of this under the Snake Oil demo certificate. I tried to create some permanent
>keys with
>cd /../apache_1.3.12/src
> make certificate TYPE=custom
>I get this error which I don<t know if its normal
>error 18 at 0 depth lookup:self signed certificate
>in addition The Nestscape 4.x and IE5 complains that the name of the security
>certificate does >not match the name of the site and also that the certificate was
>issued by a company that I
>have not choose to trust!!
>Should I add the SSLCACertificate directives in httpd.conf?
>Is there any recommendations for input for
>5. Organizational Unit Name (eg, section) [Certificate Authority]:
>to get a self-signed certificate?
>I went over the FAQs and the manual method but I get keys generated after similar
>errors.
>In some cases the SSL does not even present any pages.
>Sorry for the length of this message
>Stephane
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]