OpenSSL and Apache on IBM AIX
Title: OpenSSL and Apache on IBM AIX Hi all, I need an urgent information. Does anybody know if the OpenSSL (0.9.6l) tool kit and the Apache web server (2.0.48 and/or 1.3.29) are available on the IBM AIX 5L v5.2 operating system? thanks for your help! regards, sergio
Linux Red Hat 7.2 + openSSL 0.9.7 + Apache 1.3.27 + mod_ssl 2.8.1 2 =PROBLEMS!!!
Title: Linux Red Hat 7.2 + openSSL 0.9.7 + Apache 1.3.27 + mod_ssl 2.8.12 = PROBLEMS!!! Hi, everything is in the subject! I installed everything following this procedure: $ ./config --prefix=/home/aspco1/openSSL $ make $ make test $ make install # extract the packages $ gzip -d -c apache_1.3.27.tar.gz | tar xvf - $ gzip -d -c mod_ssl-2.8.12-1.3.27.tar.gz | tar xvf - # apply mod_ssl to Apache source tree $ cd /mod_ssl-2.8.12-1.3.27 $ ./configure --with-apache=../apache_1.3.27 $ cd .. # build/install Apache with mod_ssl $ cd apache_1.3.27 $ SSL_BASE=/home/aspco1/openSSL $ ./configure --prefix=/home/aspco1/apache_1.3.27 --enable-module=proxy --enable-module=ssl $ make $ make certificate TYPE=test $ make install $ cd .. # cleanup after work $ rm -rf mod_ssl-2.8.12-1.3.27 $ rm -rf apache_1.3.27 Everything seems to be ok, but when I try to start the web server: $ apachectl start Ouch! ap_mm_create(1048576, /var/run/httpd.mm.22620) failed Error: MM: mm:core: failed to open semaphore file (Permission denied): OS: No such file or directory /usr/sbin/apachectl start: httpd could not be started Even bad with SSL: $ apachectl startssl usage: /usr/sbin/apachectl (start|stop|restart|fullstatus|status|graceful|configtest|help) start - start httpd stop - stop httpd restart - restart httpd if running by sending a SIGHUP or start if not running fullstatus - dump a full status screen; requires lynx and mod_status enabled status - dump a short status screen; requires lynx and mod_status enabled graceful - do a graceful restart by sending a SIGUSR1 or start if not running configtest - do a configuration syntax test help - this screen (startssl is not recognized!!!), and finally: $ httpd -l Compiled-in modules: http_core.c mod_so.c suexec: enabled; valid wrapper /usr/sbin/suexec Even if I compiled with --enable-module=proxy --enable-module=ssl options I can't see proxy and ssl modules in the list of compiled-in modules!!! What's happening??? thanks Sergio
add a certificate to a Certificate Revocation List
How to add a client certificate to an already created and empty Certificate Revocation List? thanks Sergio __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: autosigning certificate
Hi, I'm using openssl-0.9.7! any other suggestions? thanks Sergio. -Original Message- From: Aihong Yin [mailto:[EMAIL PROTECTED]] Sent: venerdì 31 gennaio 2003 18.01 To: [EMAIL PROTECTED] Subject: Re: autosigning certificate Hello Zampognaro, Hi all, I tried to use my own CA in order to sign the CSR previously produced. Following what I got: [naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin ./sign.sh server.csr CA signing: server.csr - server.crt: Using configuration from ca.config Enter pass phrase for ./ca.key: Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'IT' stateOrProvinceName :PRINTABLE:'Napoli' localityName :PRINTABLE:'Pozzuoli' organizationName :PRINTABLE:'SchlumbergerSema' organizationalUnitName:PRINTABLE:'EAI' commonName:PRINTABLE:'naunx04:8443' emailAddress :IA5STRING:'[EMAIL PROTECTED]' Certificate is to be certified until Jan 29 17:29:55 2004 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: server.crt - CA cert server.crt: /C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailA d [EMAIL PROTECTED] error 18 at 0 depth lookup:self signed certificate /C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailA d [EMAIL PROTECTED] error 7 at 0 depth lookup:certificate signature failure [naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin I see 2 ERRORS: error 18 at 0 depth lookup:self signed certificate error 7 at 0 depth lookup:certificate signature failure What they means? The certificate signing process is ok or not? The certificate signing process is not ok! Are you using openssl-2.9.6g? Please try it again with openssl-2.9.7. I hope this mail is not too late for you! Cheers, Aihong Yin. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
autosigning certificate
Hi all, I tried to use my own CA in order to sign the CSR previously produced. Following what I got: [naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin ./sign.sh server.csr CA signing: server.csr - server.crt: Using configuration from ca.config Enter pass phrase for ./ca.key: Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'IT' stateOrProvinceName :PRINTABLE:'Napoli' localityName :PRINTABLE:'Pozzuoli' organizationName :PRINTABLE:'SchlumbergerSema' organizationalUnitName:PRINTABLE:'EAI' commonName:PRINTABLE:'naunx04:8443' emailAddress :IA5STRING:'[EMAIL PROTECTED]' Certificate is to be certified until Jan 29 17:29:55 2004 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: server.crt - CA cert server.crt: /C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailAd [EMAIL PROTECTED] error 18 at 0 depth lookup:self signed certificate /C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailAd [EMAIL PROTECTED] error 7 at 0 depth lookup:certificate signature failure [naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin I see 2 ERRORS: error 18 at 0 depth lookup:self signed certificate error 7 at 0 depth lookup:certificate signature failure What they means? The certificate signing process is ok or not? Many thanks. Sergio. SchlumbergerSema ing. Sergio Zampognaro System Integration - SMA Via Antiniana 2A - 80078 Pozzuoli (NA) - ITALY Mobile*+39 335 131 54 26 Phone * +39 081 6103 483 Fax 6 +39 081 6103 200 e-mail * [EMAIL PROTECTED] This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of SchlumbergerSema SpA. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please notify the SchlumbergerSema Helpdesk, by telephone on +39.0125.810500 or by e-mail on [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
new to Apache-SSL world needs help
Hi all, I need to migrate a web site from http to secure https. Mine is a Digital UNIX V4.0F (Rev. 1229) server. I downloaded following packages: - openssl-0.9.7 - httpd-2.0.44 1) openssl installation - steps performed: ./config --prefix=/home/aspprod/aspapp/mySSL/openSSL make I got this warnings on stderr: ar: Warning: creating ../libcrypto.a ar: Warning: creating ../libssl.a make test On stderr I got this messages contained in attached fiel: errore3.txt make install I got this messages on stderr: ./pod2mantest: pod2man: not found pod2man does not work properly ('BasicTest' failed). Looking for another pod2man ... No working pod2man found. Consider installing a new version. As a workaround, we'll use a bundled old copy of pod2man.pl. First of all do you think all this warnings are fatal for my openssl installation? 2) apache2 installation - steps performed: ./configure --prefix=/home/aspprod/aspapp/mySSL/apache2 --with=/home/aspprod/aspapp/mySSL/openSSL make I got a lot of warnings on stderr! make install At this point I have to customize http.conf and ssl.conf files. Could you send me an example of such files already modified? I need to understand what I must change. thanks in advance! Sergio SchlumbergerSema ing. Sergio Zampognaro System Integration - SMA Via Antiniana 2A - 80078 Pozzuoli (NA) - ITALY Mobile*+39 335 131 54 26 Phone * +39 081 6103 483 Fax 6 +39 081 6103 200 e-mail * [EMAIL PROTECTED] This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of SchlumbergerSema SpA. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please notify the SchlumbergerSema Helpdesk, by telephone on +39.0125.810500 or by e-mail on [EMAIL PROTECTED] test BN_add test BN_sub test BN_lshift1 test BN_lshift (fixed) test BN_lshift test BN_rshift1 test BN_rshift test BN_sqr test BN_mul test BN_div test BN_div_recp test BN_mod test BN_mod_mul test BN_mont test BN_mod_exp test BN_exp test BN_kronecker ..++ test BN_mod_sqrt . . . . . . . . ... . . . ... . .. . ... . ... . . ... . bc does not work properly ('SunOStest' failed). Looking for another bc ... /usr/bin/bc does not work properly ('SunOStest' failed). Looking for another bc ... No working bc found. Consider installing GNU bc. 0 tests passed Generating a 512 bit RSA private key . writing new private key to 'testkey.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:[EMAIL PROTECTED] verify OK test generation of DSA parameters .++* ...++..+...++.+..+.. +++* seed D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3 counter=105 h=2 P: 00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68: 69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d: 78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac: 32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36: ee:31:c8:02:91 Q: 00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30: f4:8e:da:ce:91:5f G: 62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5: 00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce: 2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21: 92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53: e6:d7:88:02 test generation of DSA parameters .++* ...++..+...++.+..+.. +++* seed D5014E4B 60EF2BA8