> At this point I have to customize http.conf and ssl.conf files. > Could you send me an example of such files already modified? I need to > understand what I must change.
You can take a look at http://apacheworld.org/ty24/site.chapter17.html for building instructions and example minimal configuration. Notice that you also need to pass --enable-ssl whem building, that should crete a sample ssl.conf file in the conf directory Cheers Daniel On Wed, Jan 29, 2003 at 02:43:06PM +0100, Zampognaro Sergio wrote: > Hi all, > I need to migrate a web site from http to secure https. Mine is a Digital > UNIX V4.0F (Rev. 1229) server. > > I downloaded following packages: > - openssl-0.9.7 > - httpd-2.0.44 > > > 1) openssl installation - steps performed: > > ./config --prefix=/home/aspprod/aspapp/mySSL/openSSL > > make > I got this warnings on stderr: > ar: Warning: creating ../libcrypto.a > ar: Warning: creating ../libssl.a > > make test > On stderr I got this messages contained in attached fiel: > errore3.txt > > make install > I got this messages on stderr: > ./pod2mantest: pod2man: not found > pod2man does not work properly ('BasicTest' failed). Looking for > another pod2man ... > No working pod2man found. Consider installing a new version. > As a workaround, we'll use a bundled old copy of pod2man.pl. > > First of all do you think all this warnings are fatal for my openssl > installation? > > 2) apache2 installation - steps performed: > > ./configure --prefix=/home/aspprod/aspapp/mySSL/apache2 > --with=/home/aspprod/aspapp/mySSL/openSSL > > make > I got a lot of warnings on stderr! > > make install > > At this point I have to customize http.conf and ssl.conf files. > Could you send me an example of such files already modified? I need to > understand what I must change. > > thanks in advance! > Sergio > > > ________________________________________ > > SchlumbergerSema > ing. Sergio Zampognaro > System Integration - SMA > Via Antiniana 2A - 80078 Pozzuoli (NA) - ITALY > > Mobile*+39 335 131 54 26 > > Phone * +39 081 6103 483 > > Fax 6 +39 081 6103 200 > > e-mail * [EMAIL PROTECTED] > > > This email is confidential and intended solely for the use of the individual > to whom it is addressed. Any views or opinions presented are solely those of > the author and do not necessarily represent those of SchlumbergerSema SpA. > If you are not the intended recipient, be advised that you have received > this email in error and that any use, dissemination, forwarding, printing, > or copying of this email is strictly prohibited. > If you have received this email in error please notify the SchlumbergerSema > Helpdesk, by telephone on +39.0125.810500 or by e-mail on > [EMAIL PROTECTED] > > > > > test BN_add > test BN_sub > test BN_lshift1 > test BN_lshift (fixed) > test BN_lshift > test BN_rshift1 > test BN_rshift > test BN_sqr > test BN_mul > test BN_div > test BN_div_recp > test BN_mod > test BN_mod_mul > test BN_mont > test BN_mod_exp > test BN_exp > test BN_kronecker > ..............++++++ > >.................................................................................................... > test BN_mod_sqrt > ..... > ..... > ..... > ..... > ..... > ..... > ..... > ..... > .......++++++++++++ > ..... > .....++++++++++++ > ..... > ...............++++++++++++ > ..... > ..++++++++++++ > ..... > ...++++++++++++ > ..... > ...++++++++++++ > ..... > ....................++++++++++++ > ..... > .......++++++++++++ > ..... > bc does not work properly ('SunOStest' failed). Looking for another bc ... > /usr/bin/bc does not work properly ('SunOStest' failed). Looking for another bc ... > No working bc found. Consider installing GNU bc. > > 0 tests passed > Generating a 512 bit RSA private key > .++++++++++++ > ....++++++++++++ > writing new private key to 'testkey.pem' > ----- > You are about to be asked to enter information that will be incorporated > into your certificate request. > What you are about to enter is what is called a Distinguished Name or a DN. > There are quite a few fields but you can leave some blank > For some fields there will be a default value, > If you enter '.', the field will be left blank. > ----- > Country Name (2 letter code) [AU]:AU > State or Province Name (full name) [Queensland]: > Locality Name (eg, city) []:Brisbane > Organization Name (eg, company) []:CryptSoft Pty Ltd > Organizational Unit Name (eg, section) []:. > Common Name (eg, YOUR name) []:Eric Young > Email Address []:[EMAIL PROTECTED] > verify OK > test generation of DSA parameters > .++++++++++++++++++++++++++++++++++++++++++++++++++* > >...+........+..+...+............+.+..+..........................................................................++++++++++++++++++++ > +++++++++++++++++++++++++++++++* > seed > D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3 > counter=105 h=2 > P: > 00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68: > 69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d: > 78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac: > 32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36: > ee:31:c8:02:91 > Q: > 00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30: > f4:8e:da:ce:91:5f > G: > 62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5: > 00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce: > 2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21: > 92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53: > e6:d7:88:02 > test generation of DSA parameters > .++++++++++++++++++++++++++++++++++++++++++++++++++* > >...+........+..+...+............+.+..+..........................................................................++++++++++++++++++++ > +++++++++++++++++++++++++++++++* > seed > D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3 > counter=105 h=2 > P: > 00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68: > 69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d: > 78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac: > 32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36: > ee:31:c8:02:91 > Q: > 00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30: > f4:8e:da:ce:91:5f > G: > 62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5: > 00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce: > 2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21: > 92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53: > e6:d7:88:02 > Generating a 512 bit RSA private key > ...........++++++++++++ > ................++++++++++++ > writing new private key to 'keyCA.ss' > ----- > You are about to be asked to enter information that will be incorporated > into your certificate request. > What you are about to enter is what is called a Distinguished Name or a DN. > There are quite a few fields but you can leave some blank > For some fields there will be a default value, > If you enter '.', the field will be left blank. > ----- > Country Name (2 letter code) [AU]:AU > Organization Name (eg, company) []:Dodgy Brothers > Common Name (eg, YOUR name) []:Dodgy CA > unable to load 'random state' > This means that the random number generator has not been seeded > with much random data. > Consider setting the RANDFILE environment variable to point at a file that > 'random' data can be kept in (the file will be overwritten). > Signature ok > subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA > Getting Private key > unable to load 'random state' > This means that the random number generator has not been seeded > with much random data. > Consider setting the RANDFILE environment variable to point at a file that > 'random' data can be kept in (the file will be overwritten). > Getting request Private Key > Generating certificate request > verify OK > verify OK > Generating a 512 bit RSA private key > ................++++++++++++ > .............................++++++++++++ > writing new private key to 'keyU.ss' > ----- > You are about to be asked to enter information that will be incorporated > into your certificate request. > What you are about to enter is what is called a Distinguished Name or a DN. > There are quite a few fields but you can leave some blank > For some fields there will be a default value, > If you enter '.', the field will be left blank. > ----- > Country Name (2 letter code) [AU]:AU > Organization Name (eg, company) []:Dodgy Brothers > Common Name (eg, YOUR name) []:Brother 1 > Common Name (eg, YOUR name) []:Brother 2 > unable to load 'random state' > This means that the random number generator has not been seeded > with much random data. > Consider setting the RANDFILE environment variable to point at a file that > 'random' data can be kept in (the file will be overwritten). > Signature ok > subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > Getting CA Private Key > Generating a 512 bit RSA private key > .............++++++++++++ > ...........................++++++++++++ > writing new private key to './demoCA/private/./cakey.pem' > ----- > You are about to be asked to enter information that will be incorporated > into your certificate request. > What you are about to enter is what is called a Distinguished Name or a DN. > There are quite a few fields but you can leave some blank > For some fields there will be a default value, > If you enter '.', the field will be left blank. > ----- > Country Name (2 letter code) [AU]:AU > Organization Name (eg, company) []:Dodgy Brothers > Common Name (eg, YOUR name) []:Dodgy CA > Generating a 512 bit RSA private key > ............................................++++++++++++ > ..++++++++++++ > writing new private key to 'newreq.pem' > ----- > You are about to be asked to enter information that will be incorporated > into your certificate request. > What you are about to enter is what is called a Distinguished Name or a DN. > There are quite a few fields but you can leave some blank > For some fields there will be a default value, > If you enter '.', the field will be left blank. > ----- > Country Name (2 letter code) [AU]:AU > Organization Name (eg, company) []:Dodgy Brothers > Common Name (eg, YOUR name) []:Brother 1 > Common Name (eg, YOUR name) []:Brother 2 > Using configuration from ../apps/openssl.cnf > unable to load 'random state' > This means that the random number generator has not been seeded > with much random data. > Check that the request matches the signature > Signature ok > Certificate Details: > Serial Number: 1 (0x1) > Validity > Not Before: Jan 29 10:47:46 2003 GMT > Not After : Jan 29 10:47:46 2004 GMT > Subject: > countryName = AU > organizationName = Dodgy Brothers > commonName = Brother 1 > commonName = Brother 2 > X509v3 extensions: > X509v3 Basic Constraints: > CA:FALSE > Netscape Comment: > OpenSSL Generated Certificate > X509v3 Subject Key Identifier: > 66:F5:59:18:BA:EA:16:D6:6E:05:27:D7:A7:6D:11:88:D0:FA:C3:26 > X509v3 Authority Key Identifier: > DirName:/C=AU/O=Dodgy Brothers/CN=Dodgy CA > serial:00 > > Certificate is to be certified until Jan 29 10:47:46 2004 GMT (365 days) > Sign the certificate? [y/n]: > > 1 out of 1 certificate requests certified, commit? [y/n]Write out database with 1 >new entries > Data Base Updated > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > client authentication > server authentication > depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > In app_verify_callback, allowing cert. Arg is: Test Callback Argument > Finished printing do we have a context? 0x1fffcfb8 a cert? 0x400fe640 > cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]