Craig Newlander wrote: > > I'm trying to run apache with SSL on NT. yeah I know this isn't a good > choice but the choice isn't mine. If you can't help please don't waste my > time by chasting me - I'll simply delete your message and move on. :) You > are free however, to waste your own time.
Talk about attack being the best form of defence... Chill out a bit, nobody has said "Boo" to you yet... > > I've downloaded OpenSSL,and mod_ssl. I've followed the installation note > for Win32. I am #6 in the document. Can someone point me to a source > where I can figure out how to setup the config files and certificates? Or > better yet tell me how! thanks. I hope it doesn't waste your precious time, but here's how I set up my certificates: Rgds, Owen Boyle. Making self signed certificates: ++++++++++++++++++++++++++++++++ NB: These certificates contain no pass-phrase so do not need user input when you start apache. Also, can be used by any server... 1) Make a random data file and set it up as $RANDFILE # cd /usr/local/apache/ssl/certs # PATH=$PATH:/usr/local/apache/bin # export PATH # cp /var/cron/olog temp # gzip temp # mv temp.gz random_data # RANDFILE=/usr/local/apache/ssl/certs/random_data # export RANDFILE 2) Create a RSA private key and certificate for our Certificate Authority # openssl genrsa -des3 -out ca.key 1024 password is "CA_PASSWORD" Now make the certificate using the private key. # openssl req -new -x509 -days 365 -key ca.key -out ca.crt 3) Now make a Certificate Signing Request for www.kiwi.com # openssl genrsa -des3 -out kiwi.key 1024 # openssl rsa -in kiwi.key -out banana # mv banana kiwi.key # openssl req -new -key kiwi.key -out kiwi.csr 4) And sign it # ./sign.sh kiwi.csr Now we have ca.crt Certificate Authority certificate ca.db.certs ) CA databases, holding ca.db.index ) details of certificates ca.db.serial ) issued ca.key Certificate Authority private key random_data for random routines sign.sh script for signing certificates kiwi.crt www.kiwi.com certificate (sent with SSL requests) kiwi.csr KIWI certificate signing request (not really needed anymore) kiwi.key www.kiwi.com private key (decrypts public-key encoded messages) - summary of commands # openssl genrsa -des3 -out www.kiwi.com.key 1024 # openssl rsa -in www.kiwi.com.key -out banana # mv banana www.kiwi.com.key # openssl req -new -key www.kiwi.com.key -out www.kiwi.com.csr # ./sign.sh www.kiwi.com.csr ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]