On Mon, Nov 13, 2000 at 09:47:33AM -0500, Jason Costomiris wrote:
> Use this as a guide, just make the self-signed cert valid for longer than
> 30 days.
>
> http://www.thawte.com/certs/server/keygen/mod_ssl.html
I've bookmarked this--it's useful. HOWEVER, there remain a couple of
questions; if you (or someone else) don't have the answers, I'll have
to track it down this weekend.
All this is done on a "fully patched" (e.g., all security patches applied)
RH 6.2 installation, with the mod_ssl-2.6.4_1.3.12-1 RPM installed.
OBSERVATION: No question.
=========================
Following the steps laid out in the above list, I tried using both
/dev/random and /dev/urandom as one of the randomizing files for input.
This failed; some quick experimentation seems to indicate they both return
data so slowly that you'll never complete the initial step of generating
the Key via 'openssl genrsa'. Substitution of several very large, real files
(I used the largest files from the /var/spool/up2date directory. They're
large.) worked.
QUESTION:
Next, all other steps given there (generate CSR, self-signed Certificate)
worked. Except when restarting the server, it now requires I enter the
passphrase. This is, of course, a killer for unattended restarts.
What's not covered in that web page?
Once I have this fixed, BTW, I've a shellscript that handles this whole
thing.
Cheers,
--
Dave Ihnat
[EMAIL PROTECTED]
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
