Craig Newlander wrote:
>
> I'm trying to run apache with SSL on NT. yeah I know this isn't a good
> choice but the choice isn't mine. If you can't help please don't waste my
> time by chasting me - I'll simply delete your message and move on. :) You
> are free however, to waste your own time.
Talk about attack being the best form of defence... Chill out a bit,
nobody has said "Boo" to you yet...
>
> I've downloaded OpenSSL,and mod_ssl. I've followed the installation note
> for Win32. I am #6 in the document. Can someone point me to a source
> where I can figure out how to setup the config files and certificates? Or
> better yet tell me how! thanks.
I hope it doesn't waste your precious time, but here's how I set up my
certificates:
Rgds,
Owen Boyle.
Making self signed certificates:
++++++++++++++++++++++++++++++++
NB: These certificates contain no pass-phrase so do not need user input
when you start apache. Also, can be used by any server...
1) Make a random data file and set it up as $RANDFILE
# cd /usr/local/apache/ssl/certs
# PATH=$PATH:/usr/local/apache/bin
# export PATH
# cp /var/cron/olog temp
# gzip temp
# mv temp.gz random_data
# RANDFILE=/usr/local/apache/ssl/certs/random_data
# export RANDFILE
2) Create a RSA private key and certificate for our Certificate
Authority
# openssl genrsa -des3 -out ca.key 1024
password is "CA_PASSWORD"
Now make the certificate using the private key.
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
3) Now make a Certificate Signing Request for www.kiwi.com
# openssl genrsa -des3 -out kiwi.key 1024
# openssl rsa -in kiwi.key -out banana
# mv banana kiwi.key
# openssl req -new -key kiwi.key -out kiwi.csr
4) And sign it
# ./sign.sh kiwi.csr
Now we have
ca.crt Certificate Authority certificate
ca.db.certs ) CA databases, holding
ca.db.index ) details of certificates
ca.db.serial ) issued
ca.key Certificate Authority private key
random_data for random routines
sign.sh script for signing certificates
kiwi.crt www.kiwi.com certificate (sent with SSL requests)
kiwi.csr KIWI certificate signing request (not really needed
anymore)
kiwi.key www.kiwi.com private key (decrypts public-key encoded
messages)
- summary of commands
# openssl genrsa -des3 -out www.kiwi.com.key 1024
# openssl rsa -in www.kiwi.com.key -out banana
# mv banana www.kiwi.com.key
# openssl req -new -key www.kiwi.com.key -out www.kiwi.com.csr
# ./sign.sh www.kiwi.com.csr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
